Information on the Collection of Personal Data

In what follows, the owner and operator Code & Co. GmbH (see Sec. 2 "we", "us", "our") provide information on the collection of personal data occurring when you are using our website www.codeandco.com ("website"). Personal data is all data that can be related to you in person, e.g. name, address, email addresses, user behavior. In addition, we provide information on the processing of personal data within the framework of our mandates. As a rule, we also process personal data when providing our advisory services. We take our professional duty of confidentiality and the trust of our clients very seriously.

Those responsible

The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation ("GDPR") is Code & Co. GmbH, Ahornallee 48, 14050 Berlin, Germany, registered in Local Court of Charlottenburg under the register number HRB 177819 B, hello@codeandco.com. You can address enquiries to our data protection officer via hello@codeandco.com or our postal addresses with the addition "Data protection matter" to us.

Data protection rights

You have the right:

• in accordance with Art. 7 para. 3 GDPR to revoke any consent given to us at any time. The consequence of this is that we may no longer continue any data processing based on this consent in the future;
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, limitation of processing or objection, the existence of a right of complaint, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision making process including profiling and, where applicable, meaningful information on their details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the correctness of the data is disputed by you, the processing is unlawful, but you refuse to delete it, and
• we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection against the processing pursuant to Art. 21 GDPR
• in accordance with Art. 20 GDPR, to maintain your personal data which you have provided to us in a structured, common and machine-readable format or to request transmission to another responsible person; and
• to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our office.

In order to exercise the above rights, please contact us by means of the options listed under § 2.

Information about your right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR if there are reasons to do so which result from your particular situation. If you wish to exercise your right to object, simply send an e-mail to hello@codeandco.com.

Collection, processing and use of your data when using or website

When you are using our website we only collect the personal data that your browser is transmitting to our server. This is the following data which we require technically in order to show you our website and to ensure stability and safety (the legal basis being Article 6 para. 1 sentence 1 lit. f GDPR, our legitimate interest being technical possibility of website operation):

• IP address;
• Date and time of request;
• Time zone difference to Greenwich Mean Time (GMT);
• Content of request (particular page);
• Access status/HTTP status code;
• Individual amount of data transferred;
• Website from which the request originates;
• Browser;
• Operating system and its surface; and
• Language and version of browser software.

In addition to the data aforementioned, we process your personal data only if there is a legitimate interest in the operation of the website, in particular:

• replying to enquiries;
• for the provision of services and/or information intended for you
• for the operation and administration of our website;
• for the prevention and investigation of fraud and criminal offences; and/or
• for ensuring network and data security, insofar these interests are in accordance with the applicable law and with the rights and freedom of the user
• you declared consent into collecting your data for specifically mentioned, legitimate purposes; or
• we are legally obliged to do so.

Deletion of stored data

Your stored personal data will be deleted if the deletion does not conflict with statutory retention obligations or if the personal data is no longer required for its intended use in accordance with Art. 17 GDPR. If there is a legally permissible purpose for the further storage of personal data, their processing is restricted in accordance with Art. 18 GDPR in which these data are blocked and no longer processed. This applies in particular to data that must be kept for legal reasons.

Collection and storage of personal data as well as type and purpose and their use in case of mandate

When you mandate us, we generally collect the following information:

• Your title, first name, surname and, if applicable, the name of your company,
• your e-mail address,
• your address,
• the telephone numbers you provide us with, and
• the information necessary for advising under the mandate.

These data shall be collected,

• to identify you as our client;
• to comply with our professional obligations;
• in order to be able to advise and represent you appropriately;
• to correspond with you;
• for invoicing; as well as
• for the settlement of any mutual claims.

Data processing for these purposes is carried out on the basis of your request to accept a mandate and is necessary for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the mandate agreement pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

The personal data collected by us will be stored until the end of the legal retention obligation, and deleted thereafter, unless we are obliged to a longer storage, legitimate interests in the storage exist (e.g. during the course of limitation periods for the purpose of any legal defence which may be required) or you have consented to storage going beyond this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Passing on data from the mandate relationship to third parties

Our personal data will not be transferred to third parties for purposes other than those listed below. Insofar as this is necessary in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of client relationships with you, your personal data will be passed on to third parties. This includes, in particular, passing on your personal data to negotiating partners. The data passed on may be used by the third party exclusively for the aforementioned purposes. The attorney-client privilege remains unaffected. As far as the data concerned is subject to mandate-client privilege, the aforementioned disclosure to third parties shall only take place in consultation with you.

Transfer of data from the mandate to third countries

Depending on the content of the client relationship, it may be necessary for us to transfer your data to a third country. If we do so, the data will be transferred in order to fulfil our obligations under the mandate.