Conceptual Definitions
According to Art. 4 GDPR, personal data is all data that can be related to you personally, e.g. name, address or email address. Regarding the other terms used below, such as “Controller” or “Processor”, we refer to the catalog of definitions in Art. 4 GDPR.
Controller
The processing of personal data in connection with the provision of our legal services is carried out by
Law Firm Nieweg
Tulpenstr. 1
D – 33803 Steinhagen
(hereinafter “we”, “us”)
Types of Processed Data
When you mandate us, we process the following personal data as part of our consulting activities:
– Master data (e.g. name, address, contact information such as email, telephone number and internet address),
– Mandate-related data (e.g. contracts, communication, delivery notes, evidence, witness data),
– Consulting data (e.g. contents of inquiries, consulting documentation, documents, file notes, legal opinions and legal assessments),
– Activity data (e.g. consulting documentation, performance records, invoices, and other information necessary for the assertion and defense of your rights within the scope of the mandate),
– as well as other data that you voluntarily provide to us within the scope of the mandate relationship.
Insofar as the scope of application of the Money Laundering Act is opened, we are obliged to collect and process further information, § 2 para. 1 no. 10 Money Laundering Act. The scope of application is opened if we
a) participate in the planning or execution of the following transactions for the client:
aa) purchase and sale of real estate or commercial enterprises,
bb) management of money, securities or other assets,
cc) opening or management of bank, savings or securities accounts,
dd) procurement of funds necessary for the establishment, operation or management of companies,
ee) establishment, operation or management of trust companies, companies or similar structures,
b) carry out financial or real estate transactions in the name and on behalf of the client,
c) advise the client with regard to its capital structure, industrial strategy or related issues,
d) provide advice or services in connection with mergers or acquisitions or
e) provide professional assistance in tax matters.
This includes, among other things, information about your identity, the beneficial owners, the purpose and nature of the business relationship and the transactions carried out, as well as the money laundering risk. For natural persons, in order to fulfill our obligations under the Money Laundering Act, we additionally make a copy of an official identification document of the client in accordance with § 8 para. 2 sentence 1 Money Laundering Act. For legal entities, the information required by the Money Laundering Act about the beneficial owners within the meaning of § 3 Money Laundering Act is also collected.
Purpose of Processing
Unless otherwise stated, we process your personal data to fulfill our obligations arising from the underlying attorney contracts. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. This includes in particular appropriate legal advice outside of court, conducting correspondence with contractual partners, courts and opposing parties, invoicing, handling of any liability claims as well as the assertion of any claims against you. Furthermore, we process your personal data if this is necessary for the fulfillment of a legal obligation to which we are subject, e.g. from the Money Laundering Act (Art. 6 para. 1 sentence 1 lit. c in conjunction with §§ 10, 11, 12 para. 1 and para. 2 Money Laundering Act). We may also process your personal data within the scope of the following purposes:
a) Contact requests: If you contact us by email, the data you provide (your email address, if applicable your name, telephone number and other information) will be stored by us to process and answer your questions; if a mandate relationship exists, Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis.
In the event that no mandate relationship exists, our legitimate interests in answering the contact request are the legal basis according to Art. 6 para. 1 sentence 1 lit. f GDPR.
b) Client communications: From time to time, we may inform our clients about current developments in jurisprudence and case law. In long-term mandate relationships, this is done in the execution of the existing mandate relationship according to Art. 6 para. 1 sentence 1 lit. b GDPR; otherwise on the basis of our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, in order to inform our clients about current developments relevant to them.
c) Christmas and other greeting cards: If we know you personally and/or you have a client relationship with our law firm, we may send you greeting cards for special occasions, such as Christmas, based on our legitimate interests according to Art. 6 Para. 1 S. 1 lit. f GDPR. We assume that recipients are pleased to receive greetings for special occasions. If this is not the case, you can object to the sending of greeting cards according to Art. 21 GDPR (see section 7 for details).
Transfer to Third Parties, Categories of Data Recipients
We transfer your data to third parties within the scope of fulfilling our obligations from the underlying contracts according to Art. 6 Para. 1 S. 1 lit. b GDPR, insofar as this is necessary for handling the client relationship. This particularly concerns the transfer to opposing parties in proceedings and their representatives as well as courts and other public authorities for the purpose of correspondence and for asserting and defending your rights, and banking institutions for payment processing.
In addition, we use external technical service providers as processors according to Art. 28 GDPR, who are carefully selected and monitored by us. A transfer may also occur due to legal regulations, for example, to report suspicious cases according to § 43 GwG to the competent authority. The legal basis for the transfer in this case is Art. 6 Para. 1 S. 1 lit. c GDPR in conjunction with § 43 GwG.
Rights of Data Subjects
You generally have the right to:
– withdraw any consent given to us at any time according to Art. 7 Para. 3 GDPR. This means that we may no longer continue the data processing based on this consent for the future. A withdrawal does not affect the lawfulness of previous processing;
– request information about your personal data processed by us according to Art. 15 GDPR. In particular, you can request information about (1) the purposes of processing, (2) the category of personal data, (3) the categories of recipients to whom your data has been or will be disclosed, (4) the planned storage duration, (5) the existence of a right to rectification, erasure, restriction of processing or objection, (6) the existence of a right to complain, (7) the source of your data, if not collected from you, (8) as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
– request the correction of inaccurate or completion of your personal data stored by us according to Art. 16 GDPR;
– request the deletion of your personal data stored by us according to Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
– request the restriction of processing of your personal data according to Art. 18 GDPR, (1) if you contest the accuracy of the data, (2) the processing is unlawful but you oppose the erasure, (3) we no longer need the data but you require it for the establishment, exercise or defense of legal claims
– object to the processing according to Art. 21 GDPR:
If we base the processing of your personal data on the balancing of interests according to Art. 6 Para. 1 S. 1 lit. f GDPR, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or demonstrate to you our compelling legitimate grounds on which we will continue the processing.
– receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transfer to another controller according to Art. 20 GDPR and
– complain to a supervisory authority according to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our law firm’s headquarters.
Duration of Storage of Personal Data or Criteria for Storage Duration
We delete personal data after and to the extent that storage is no longer necessary for client processing or execution and no legitimate interests or legal obligations on our part, such as the obligation to conduct a conflict of interest check according to § 43a Para. 4 BRAO, or legal retention obligations (§ 147 AO, § 257 HGB, § 14b UStG) prevent deletion. Accordingly, deletion generally occurs 5 to 10 years after the end of the client relationship, in the case of titled claims after 30 years.
