Data Protection

Information on Data Processing in Client Engagements

1. Controller

The party responsible for processing personal data in connection with my legal practice is:

Nieweg Law Firm
Attorney Petra Nieweg
Tulpenstraße 1
33803 Steinhagen

Phone: +49 5204 9249884
Email: info@anwaltskanzlei-nieweg.de

2. What Data I Process

If you engage me or initiate an engagement, I process the personal data necessary for the review, execution, and settlement of the mandate. This includes, in particular:

  • Master data such as name, address, email address, and telephone number,
  • Mandate-related data such as contracts, correspondence, documents, evidence, and other factual information,
  • Consultation and procedural data such as file notes, legal assessments, pleadings, expert opinions, and invoices,
  • as well as other data you provide to me within the client relationship.

Depending on the nature of the mandate, this may also include special categories of personal data, such as health data, social data, or other particularly sensitive information.

3. Purposes and Legal Bases of Processing

I primarily process your personal data to review, accept, execute, and settle the mandate. This includes, in particular:

  • legal advice and representation,
  • correspondence with opposing parties, authorities, courts, insurers, and other parties involved,
  • the preparation of pleadings, contracts, statements, and invoices,
  • as well as the assertion, enforcement, or defense of claims.

The legal basis is generally Art. 6 (1) (b) GDPR .

Insofar as special categories of personal data are processed, this is done – depending on the case – on the basis of Art. 9 para. 2 GDPR , particularly insofar as the processing is necessary for the establishment, exercise, or defense of legal claims.

In addition, I process data insofar as I am legally obliged to do so, for example, due to professional or anti-money laundering regulations. The legal basis in this respect is Art. 6 (1) (c) GDPR .

Insofar as processing does not directly serve the execution of the mandate, it may also be based on Art. 6 (1) (f) GDPR , for example, for handling general contact inquiries or for safeguarding legitimate organizational and legal interests.

4. Money Laundering Act

If the scope of the Money Laundering Act applies, I am obliged to collect and process additional data. This particularly concerns certain activities related to real estate, companies, assets, or financial transactions. The corresponding obligations for attorneys arise from § 2 para. 1 no. 10 GwG .

In these cases, I may be obliged, in particular, to:

  • verify your identity,
  • collect information on beneficial owners,
  • document information on the purpose and nature of the business relationship,
  • and retain anti-money laundering relevant documents.

For natural persons, this may also include making a copy of an identity document, if legally required.

5. Disclosure to Third Parties

I only disclose your personal data if legally permissible and necessary for the processing of the mandate.

Recipients may include, in particular:

  • courts,
  • authorities,
  • opposing parties and their legal representatives,
  • banks and payment service providers,
  • experts, interpreters, or other parties involved in the proceedings,
  • as well as technical service providers acting as processors for me.

Disclosure may also occur if I am legally obliged to do so, for example, in the cases provided for by the Money Laundering Act.

6. Contact

If you contact me by email, telephone, or other means, I process the data you provide to handle your inquiry.

Insofar as your inquiry is aimed at initiating a mandate, processing is carried out on the basis of Art. 6 (1) (b) GDPR . Otherwise, the legal basis is Art. 6 (1) (f) GDPR .

7. Your Rights

Within the framework of the legal requirements, you have the right:

  • to information about your personal data,
  • to the correction of incorrect data,
  • to erasure,
  • to the restriction of processing,
  • to data portability,
  • to object to processing based on Art. 6 para. 1 lit. f GDPR,
  • as well as to withdraw a given consent with effect for the future.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority.

8. Competent Supervisory Authority

The data protection supervisory authority competent for me is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Postfach 20 04 44
40102 Düsseldorf

Phone: +49 211 38424-0
Email: poststelle@ldi.nrw.de
Website: https://www.ldi.nrw.de

You can lodge a complaint with this or another competent data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

9. Duration of Storage

I do not store personal data longer than necessary for the execution of the mandate, the fulfillment of legal obligations, or the safeguarding of legitimate interests.

For attorney’s files, the retention period of § 50 BRAO generally applies. According to this, files must be retained for six years. The period begins at the end of the calendar year in which the engagement was terminated.

In addition, longer statutory retention obligations may exist for individual documents, particularly for billing and tax-relevant documents. § 147 AO and § 14b UStG are particularly relevant in this regard.

Insofar as personal data is additionally required for the assertion, exercise, or defense of legal claims, longer storage may also be considered in individual cases.

10. Status

Status: March 2026