for our communication with you
As lawyers, being legally bound to secrecy by profession, we are aware of the high value and the indispensable integrity of your data, be it personal or company-related data and information. In this section, we inform you about the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Responsible for data processing is
Phone: +49 221 650 65-0
Fax: +49 221 650 65-110
Our data protection officer is
Mr. Stephan Geistmann
Phone: +49 221 650 65-0
Fax: +49 221 650 65-110
Your personal data
Personal data is all information that concerns you as a person. We may process the following personal data about you:
- First and last name, title and form of address
- Your contact details: Professional and/or private contact information such as address, telephone number, fax number, e-mail address, professional position (if applicable) and current status within the company
- Your personal data in connection with a specific mandate: all personal information relating to our assignment and thus the mandate; this is primarily information you provide us with for the purpose of managing the mandate, if it contains information about specific natural persons (e.g. information on content, documents sent and correspondence between you and third parties) - the categories and scope of the data naturally varies from mandate to mandate
In individual cases and depending on the nature and scope of the mandate, we also process special categories of personal data in accordance with Art. 9 GDPR, i.e. information on racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as the processing of genetic data, biometric data for the clear identification of a natural person, health data or data on sexual life or sexual orientation
- Your bank account details
We collect personal data
- from you as the person concerned
- if necessary, by notification via our clients
- if necessary, based on own research from sources that are publicly available (e.g. Internet)
- if necessary, with third parties or public bodies where information can be requested under certain conditions (e.g. public registers)
Purposes of processing
We process personal data for the following purposes:
- Fulfilment of the mandate agreements concluded by us (Art. 6 I 1 lit. b) GDPR); depending on the individual case, this includes, among other things, the sorting and evaluation of documents and information, the preparation of legal opinions, contracts, statements, the conduct of contract negotiations, out-of-court negotiations or court or authority proceedings, for our clients and vis-à-vis the other parties. This also includes the sending of notices and information on new legal developments, if these are closely linked to an existing mandate agreement.
- Settlement of the lawyer's fee for our contractually owed activities (Art. 6 I 1 lit. b) GDPR).
- Out-of-court and judicial assertion of our own claims against you arising from the mandate relationship, which is in our legitimate interest (Art. 6 I 1 lit. f) GDPR).
- In the case of special categories of personal data, also the assertion, exercise or defence of legal claims (Art. 9 II lit. f) GDPR).
- Fulfilment of legal obligations, e.g. our professional documentation obligations under the BRAO and BORA or the verification requirements under the Money Laundering Act (Art. 6 I 1 lit. c) GDPR).
- Maintaining personal business relationships and maintaining contact where this is in our legitimate interest (Art. 6 I 1 lit. f) GDPR).
- Emailing of our newsletter with information on new developments in certain areas of law and / or information on general new developments ("Recht aktuell") as well as on webinars and other events organised by us, provided that you have consented to receive it in each case (Art. 6 I 1 lit. a) GDPR).
- Postal mailing of information on new developments ("Recht aktuell") and invitations to events organized by us for our clients, if these direct marketing and information measures are in our legitimate interest (Art. 6 I 1 lit. f) GDPR).
Within the scope of our legal services, we do not process your personal data on your behalf in accordance with Art. 28 GDPR, but we process it in a manner that is free of instructions in terms of content and subject matter, and we are responsible for determining whether and how the data is processed. The conclusion of a contract with us for the processing of orders with the obligatory content in accordance with Art. 28 GDPR is therefore not required.
Transmission of your data to third parties
Depending on the individual case, the provision of our legal services may require contact with authorities and courts and the transfer of your personal data to these bodies, e.g. also due to legal obligations such as those arising from the Money Laundering Act.
In order to provide the best possible service, we also work together with external service providers that we always select carefully and integrate in accordance with data protection laws, in particular
- of DATEV eG, Paumgartnerstraße 6 - 14, 90429 Nuremberg, which provides us with specific IT applications on the basis of an order processing agreement in accordance with Art. 28 GDPR;
- AirITSystems GmbH, Benkendorfstraße 6, 30855 Langenhagen, Germany, which supports us in the provision of data rooms on the basis of an order processing agreement in accordance with Art. 28 GDPR;
- A Vista Studios, Dipl.-Ing. Stefan Lung, Stüttekofener Straße 55, 51375 Leverkusen, Germany, who support us in the provision of our website on the basis of an order processing agreement according to Art. 28 GDPR;
- the CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, whose software services we use for sending our newsletters on the basis of an order processing agreement pursuant to Art. 28 GDPR;
- SHUFFER GmbH, Adlerstraße 41, 70199 Stuttgart, whose software offers we use for the dispatch of electronic greeting cards on the basis of an order processing agreement pursuant to Art. 28 GDPR;
- service providers in the field of marketing, to whom we transfer personal data, if at all, on the basis of an order processing agreement pursuant to Art. 28 GDPR;
- postal service providers who deliver postal items to you, financial institutions for the processing of payments and court and authorities if this is necessary for our activities or if we are obliged to do so.
Personal data will only be transferred to a third country outside the EU or to an international organization if this is necessary to fulfill the mandate; in this case we will ensure an adequate level of data protection in the destination country in compliance with Art. 44 et seq. GDPR.
Your data in safe hands
Your personal data are stored centrally on our local servers in our office in Cologne and - in backup - at DATEV eG in Nuremberg and thus exclusively in Germany.
We process your personal data on our servers primarily by means of the Microsoft software applications you are familiar with (Office applications). In addition, we use applications of the provider DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, in the field of electronic file management and electronic billing. DATEV carries out software maintenance and servicing services on our systems. In individual cases, it cannot be ruled out that DATEV may gain access to your personal data. DATEV acts strictly in accordance with our instructions as a processor in accordance with Art. 28 GDPR, whom we have carefully selected and contractually obliged to take the necessary data security measures.
We process your personal data in accordance with appropriate technical and organizational measures (Art. 32 GDPR); this must be emphasized:
- Access to all offices only by means of an individual electronic key card
- Password-protected account of each individual workstation computer and each mobile device used for business purposes
- Encrypted VPN connections
- Personalized access to DATEV file management only for authorized employees
- Seamless anonymization of documents to be translated by translation service providers or corresponding IT applications
- High security level in accordance with Art. 32 GDPR through DATEV (including comprehensive encryption with 2-factor authentication, information management system in accordance with ISO and certified data protection management system)
- Encrypted e-mail transmission (transport encryption with TLS) as well as, if desired, content encryption of our e-mail communication (for decryption, a password is required, which will be communicated to you by other means (SMS, telephone, fax, etc.) the first time you use it)
Deletion of your personal data
We store your personal data for as long as a contractual relationship exists with you or your employer, we have a legitimate interest in further storage and use or we are legally obliged to do so (obligation to store data, particularly for tax reasons, for a regular period of 10 years). We will delete your personal data immediately after expiry of the respective time periods.
As far as we process your personal data, you are entitled to various data protection claims against us. You have the right,
- to request information about the data stored about your person and its origin, the purpose of processing and the recipients or categories of recipients of the data (Art. 15 GDPR, § 34 BDSG)
- under certain conditions, to demand correction, blocking (restriction of processing) or deletion of your personal data from us (Art. 16 - 18 GDPR, § 35 BDSG)
- to request the transfer of your data to another responsible party (Art. 20 GDPR) and
- to complain to us or to a competent data protection authority about data processing (Art. 77 GDPR)
You may also object to the further processing of your data if we process your data on the basis of a legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR). If we do not process your data for advertising purposes, this requires a reason arising from your particular situation. In the event of an objection, we will not process your personal data to which the objection relates any further from the time of receipt during the subsequent examination and will delete it after the examination has been completed - if the objection is justified (§ 36 BDSG, Art. 21 GDPR).
You may revoke any consent to data processing (Art. 6 Para. 1 S. 1 lit. a) GDPR) that you have given us at any time; we will then no longer process your personal data unless we have legal permission to do so.
A justified objection and a revocation have no influence on data processing operations that have already taken place.
We fulfil all rights to which you are entitled free of charge and without delay. For this and all other questions, please contact us directly or our data protection officer using the contact details given at the beginning.