Data Protection Declaration

To fulfil the obligations notably arising from Art. 12 et seq. GDPR, we hereby publish the following informations regarding data protection (data protection declaration).

I.        Contact information of the controller

Our office’s lawyers are already obliged to strict data protection by rules of professional conduct as laid down in s. 2 BORA and s. 43 a (2) BRAO. Therefore, every lawyer within our office determines the purposes and means of the processing of personal data by themselves and thus is controller according to Art. 4 (7) GDPR and further data protection regulations.

In addition, we forehandedly also classify the law firm as controller according to Art. 4 (7) GDPR, whose contact information is as follows:

Rechtsanwälte Dr. Linhard, Lehmann & Specht GbR

Adolfstraße 1

D-38102 Brauschweig

Tel: +49 (0)531 220 920

Fax: +49 (0)531 220 92 92

info{at}DrLLS{dot}de

https://www.DrLLS.de

II.      Contact information of the person in charge for data protection

To ensure a consitently high standard in data protection we also have as a person in charge for data protection:

Mr. RA Dr. Philipp Lehmann

Adolfstraße 1

D-38102 Brauschweig

Tel: +49 (0)531 220 920

Fax: +49 (0)531 220 92 92

PL{at}DrLLS{dot}de

https://www.DrLLS.de

III.    General remarks regarding data processing

1.    Terminology

To improve comprehension of commonly used terminology related to data protection, we refer to the following definitions:

a.)   Personal data

In accordance with Art. 4 (1) GDPR ‚personal data‘ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‚data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Information which cannot (or can only by involving disproportionate efforts) be attributed to your person, e.g. due to pseudonymisation or anonymisation, by contrast is no personal data but other data.

b.)       Processing

As laid down in Art. 4 (2) GDPR, ‚processing‘ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c.)        Controller

In line with Art. 4 (7) GDPR, ‚controller‘ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

d.)       Processor

According to Art. 4 (8) GDPR, ‚processor‘ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

e.)        Third Party

‘Third party‘ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

f.)        further definitions

For further definitions regarding data protection law terminology, please also refer to Art. 4 GDPR.

2.    Scope of processing of personal data

As a matter of principle, we process personal data only to the extent necessary to provide a functional website and its contents as well as to carry out our legal services (processing of mandates) and our general office operations.

Personal data are regularly processed only with the consent of the person concerned. An exception is made in those cases in which the processing of personal data is lawful even without the prior consent of the person concerned, in accordance with Art. 6 (1) sentence 1 lit. b -f GDPR. 

3.    Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis.

In the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our law firm is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the person concerned or of another natural person make it necessary to process personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our law firm or by a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

4.        Data erasure and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable.

Furthermore, data may be stored if this has been determined by the European or national legislator in Union regulations, national laws or other regulations to which our law firm or our lawyers are subject. Therefore, personal data collected in the course of the processing of the mandate will be stored until the expiry of the statutory retention period for lawyers (6 years after the end of the calendar year in which the mandate was completed) and deleted thereafter, unless we are obliged to store the data for a longer period of time in accordance with Art. 6 (1) sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from the commercial code, HGB, the criminal code, StGB or the fiscal code, AO) or you have consented to a storage exceeding this period in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

5.        Security and safety measures for data protection

We protect your and our stored data in the best possible way against unauthorized access by unauthorized third parties. In doing so, we take various technical, structural and organisational security and safety measures, both in the digital and analogue field, which are regularly checked and adapted to the current state of the art.

However, we are pointing out that due to the internet’s structure it is possible that the rules of data protection are not observed by malicious third parties. In particular, data disclosed in unencrypted form, especially in the context of e-mail communication, can be read and even altered by unauthorised third parties. It is the user’s responsibility to protect the data provided by them against misuse by means of encryption or in other ways.

IV.       Data processing via our website (www.DrLLS.de)

1.        Website provision and creation of log files

a.)       Description and scope of data processing

Whenever you visit our website (www.DrLLS.de), our system automatically collects data and information from the calling computer’s system. The following data are collected:

– Information concerning the browser type and the version used

– The user’s operating system

– The user’s internet service provider

– The user’s IP address

– Date and time of access

The data are also stored in our system’s log files. Not affected by this are the user’s IP addresses or other data which allow the data to be assigned to a user. A storage of these data together with other personal data concerning the user is not intended.

b.)       Legal basis of data processing

The legal basis for the temporary storage of data is Art. 6 (1) sentence 1 lit. f GDPR.

c.)       Purpose of data processing

The processing of the data mentioned above is necessary for the technical operation of our website. The temporary storage of the IP address in the system is necessary to enable the website’s delivery to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. This logging also serves to detect and correct technical errors on our website. Furthermore, these data are required in order to detect and prevent possible misuse of our website. These purposes also determine our legitimate interest in data processing in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

d.)       Duration of storage

The above-mentioned data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. If the data have been collected for the purpose of providing the website, this is the case when the respective session has ended. After four weeks at the latest, the remaining data mentioned above will be deleted.

e.)       Transfer of data to third parties

A transfer of the above-mentioned data to third parties takes place within the framework of the above-mentioned purposes, i.e. solely in compliance with the data protection regulations concerning processors in accordance with Art. 28 f. GDPR (hosting of the website / web space provider) in order to provide and deliver the website to you.

f.)        Right to object and other rights of data subjects

The collection of the aforementioned data in order to provide and deliver our website to you and the storage of the data in log files is essential for the technical operation of our website. The user therefore has no right of objection in this respect.

However, as a user of our website, you are entitled to exercise the other rights of data subjects. You thus have the right:

    to access your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, where it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information on the details thereof;

    in accordance with Art. 16 GDPR, to obtain without undue delay the rectification of incorrect or the completion of your personal data stored by us;

    in accordance with Art. 17 GDPR, to obtain the erasure of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

    in accordance with Art. 18 GDPR, to obtain the restriction of the processing of your personal data, where the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer require the data, but you require it for the establishment, exercise or defence of legal claims;

    in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller and

    to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, in particular, you can turn to the supervisory authority of your habitual residence or place of work or to our office.

You will find an even more detailed description of your data subject rights below under V. 6.

2.        Use of cookies

For our website neither the use of own cookies nor of third party cookies is intended.

3.        Payment services and payment procedures

Payment services and payment procedures are not provided for our website.

4.        E-mail newsletter

An e-mail newsletter is not planned for us.

5.        Social media plug-ins

The use of social media plug-ins is not intended for our website.

6.        Registration

A registration option is not provided for our website.

7.        Contact form

A contact form is not provided for our website.

8.        Advertising and marketing services

No advertising or marketing services are provided for our website.

9.        Web analysis

No web analysis is provided for our website. We therefore do not use tools like Matomo (formerly PIWIK) or Google Analytics.

V.        Data processing in our office

1.        Description and extent of data processing

We also collect personal data when contacting our law firm or one of our lawyers independently of our website. The following information is collected:

Title, first name, surname,

Address,

Telephone number (landline and/or mobile),

E-mail address,

information necessary for the enforcement and defence of rights within the   

mandate’s framework and/or for the operation of our law firm.

In the area of personnel administration, additionally recorded data are:

Date of entering and leaving the employment, salary, pension and social security data, bank details, warnings and, if applicable, certificates and documents of application.

Description of the groups of persons concerned:

Interested parties, clients and their respective relatives, employees, customers, suppliers, opponents, courts, authorities, legal expense insurance companies and their respective employees; contractors/service providers of our law firm and our lawyers; our law firm’s lawyers‘ staff.

2.        Legal basis for data processing

Insofar as we obtain the data subject’s consent for the processing of personal data, Art. 6 (1) S. 1 lit. a GDPR serves as the legal basis.

In the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) S. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to comply with a legal obligation to which our law firm is subject, Art. 6 (1) S. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) S. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary for the purpose of a legitimate interest pursued by our law firm or by a third party and if the interests or fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) S. 1 lit. f GDPR serves as the legal basis for the processing.

3.        Purposes of data processing

The purposes of data processing in our office and by our lawyers are

    to identify you as our client;

    to be able to adequately advise and represent you as our client;

    to correspond with you as our client as necessary;

    to issue invoices to you as our client;

    to settle any liability claims that may be asserted by you as our client and to assert

    any claims against you;

    to enable us to identify you as a third party involved in the processing of our

    mandate;

    for the necessary correspondence with you as a third party involved in our mandate;

    for invoicing you as third party involved in our mandate;

    to settle any liability claims that may exist on your part as a third party involved in

    our mandate and to assert any claims against you;

    to identify you as our contractor/service provider;

    for the necessary correspondence with you as our contractor/service provider;

    for invoicing you as our contractor/service provider;

    to settle any existing liability claims by you as our contractor/service provider and to

    assert any claims against you;

    to identify our law firm’s employees;

    the proper performance of respective employment relationships including the

    relevant non-disclosure agreements;

    to ensure the fulfilment of legal and social security obligations arising from respective

    employment relationships.

4.        Duration of storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable.

Furthermore, data may be stored if this has been envisaged by the European or national legislator in Union regulations, national laws or other regulations to which our law firm or our lawyers are subject. Therefore, personal data collected in the course of the mandate will be stored until the statutory retention obligation for lawyers expires (6 years after the end of the calendar year in which the mandate was terminated) and deleted thereafter, unless we are obliged to store the data for a longer period of time in accordance with Art. 6 (1) S. 1 lit. c GDPR due to storage and documentation obligations under tax and commercial law (arising from the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO)) or you have consented to further storage in accordance with Art. 6 (1) S. 1 lit. a GDPR.

5.         Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below:

To the extent that this is necessary for the proper performance of the mandate in accordance with Art. 6 (1) S. 1 lit. b GDPR, your personal data will be disclosed to third parties. This particularly includes the transfer to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and for the assertion and defence of your rights. The data transferred may be used by the third party exclusively for the purposes mentioned. The attorney-client privilege remains unaffected. As far as it concerns data which are subject to the attorney-client privilege, a transfer to third parties will only take place in consultation with you.

A possible transfer of data to processors within the context of the correct execution of the mandate will only take place in compliance with the corresponding data protection regulations according to Art. 28 seq. GDPR.

Any transfer of your personal data to persons or international organisations in a third country will furthermore in accordance with the provisions of Art. 49 (1) GDPR only take place on the basis of your consent in accordance with Art. 6 (1) S. 1 lit. a GDPR or to the extent necessary for the proper execution of the mandate in accordance with Art. 6 (1) S. 1 lit. b GDPR.

6.         Rights of data subjects

If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to our law firm and our respective lawyer.

a.)       Right of withdrawal

In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to processing your personal data at any time by contacting our law firm or our respective lawyer. The Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

b.)       Right of access

In accordance with Art. 15 (1) first half-sentence GDPR, you may obtain a confirmation from our law firm and our respective lawyer as to whether personal data concerning you are being processed by us.

Where that is the case, you may obtain access to the following information from our law firm and the lawyer concerned in accordance with Art. 15 (1), second half-sentence GDPR:

aa.) the purposes of the processing;

bb.) the categories of personal data concerned;

cc.) the recipients or categories of recipient to whom your personal data have been or

       will be disclosed;

dd.) the envisaged period for which your personal data will be stored, or, if not possible,

       the criteria used to determine that period;

ee.) the existence of the right to request from the controller rectification or erasure of

       your personal data or restriction of processing of personal data concerning you by

       the controller or the right to object to such processing;

ff.)   the right to lodge a complaint with a supervisory authority;

gg.) where the personal data are not collected from the data subject, any available

       information as to their source;

hh.) the existence of automated decision-making, including profiling in accordance with

       Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on

       the logic involved and the scope and intended effects of such processing on the

       data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards regarding the transfer in accordance with Art. 46 GDPR.

c.)       Right of rectification

In accordance with Art. 16 GDPR, you have the right to obtain from our law firm without undue delay the rectification of inaccurate personal data as well as the completion of incomplete personal data concerning yourself. Our law firm and the lawyer concerned must implement the correction without delay.

d.)       Right to erasure

aa.) Obligation to erasure

       in accordance with Art. 17 GDPR, you have the right to obtain from our law firm

       the erasure of personal data concerning you without undue delay and our law firm

       and the lawyer concerned is obliged to erase these data without undue delay

       where one of the following grounds applies:

aaa.) The personal data concerning you are no longer necessary in relation to the

          purposes for which they were collected or otherwise processed.

bbb.) You withdraw consent on which the processing is based according to Art. 6 (1)

          lit. a GDPR, or Art. 9 (2) lit. a GDPR, and where there is no other legal ground

          for the processing.

ccc.) You object to the processing pursuant to Art. 21(1) GDPR and there are no

         overriding legitimate grounds for the processing, or you object to the processing

         pursuant to Art. 2 1(2) GDPR.

ddd.) The personal data concerning you have been unlawfully processed.

eee.) The personal data concerning you have to be erased for compliance with a legal

         obligation in Union or Member State law to which our law firm or the respective

         lawyer is subject.

fff.) The personal data concerning you have been collected in relation to the offer of

      information society services referred to in Art. 8 (1) GDPR.

bb.) Information to third parties

Where our law firm or our respective lawyer has made the personal data relating to you public and is obliged pursuant to Art. 17 GDPR (1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

cc.) Exceptions

The right to erasure does not apply to the extent that processing is necessary

aaa.) for exercising the right of freedom of expression and information;

bbb.) for compliance with a legal obligation which requires processing by Union or

         Member State law to which our law firm or the respective lawyer is subject or for

         the performance of a task carried out in the public interest or in the exercise of

         official authority vested in our law firm or the respective lawyer;

ccc.) for reasons of public interest in the area of public health in accordance with Art.

         9 (2) lit. h and i as well as Art. 9 (3) GDPR;

ddd.) for archiving purposes in the public interest, scientific or historical research

         purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as

         the right referred to in section a) is likely to render impossible or seriously impair

         the achievement of the objectives of that processing; or

eee.) for the establishment, exercise or defence of legal claims.

e.)       Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to obtain the restriction of processing where one of the following applies:

aa.) the accuracy of the personal data is contested by you, for a period enabling the

       controller to verify the accuracy of the personal data;

bb.) the processing is unlawful and you oppose the erasure of the personal data and

       request the restriction of their use instead;

cc.) the controller no longer needs the personal data for the purposes of the

       processing, but they are required by you for the establishment, exercise or defence

       of legal claims; or

dd.) you have objected to processing pursuant to Art. 21 (1) GDPR pending the

       verification whether the legitimate grounds of the controller override those of the

       data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the aforementioned conditions, you will be informed by our law firm and our lawyer concerned before the restriction is lifted.

f.)        Notification obligation

If you have asserted the right to rectification or erasure of personal data or restriction of processing with our law firm or our respective lawyer, they are obliged in accordance with Art. 19 GDPR to notify each recipient to whom the personal data concerning you have been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate efforts.

You have the right to be informed of these recipients by our law firm and the lawyer concerned.

g.)       Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to our law firm and to our respective lawyer in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from our law firm or one of our lawyers to whom the personal data have been made available, provided

aa.) the processing is based on a consent pursuant to Art. 6 (1) S. 1 lit. a GDPR or Art.

       9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) S. 1 lit. b GDPR and

bb.) the processing is carried out by automated means.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from our office or from our lawyer concerned to another controller, where technically feasible. The freedoms and rights of others must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our law firm or in our lawyer concerned.

h.)       Right to object

According to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on those provisions.

Our law firm and its lawyers no longer process the personal data concerning you, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

i.)        Automated individual decision-making, including profiling

According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

However, automated decisions and profiling are not used by us anyway.

j.)        Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of personal data relating to you to infringe the GDPR. Presently, the competent supervisory authority is in particular:

Commissioner for Data Protection of Lower Saxony

Barbara Thiel

Prinzenstraße 5

30159 Hannover

Telefon: 05 11/120-45 00

Telefax: 05 11/120-45 99

E-Mail: poststelle{at}lfd.niedersachsen{dot}de

Homepage: https://www.lfd.niedersachsen.de

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

k.)       Assertion of rights of data subjects

If you wish to assert one or several of your rights as a data subject against us or one of our lawyers, you can do so in particular by sending an e-mail to PL{at}DrLLS{dot}de.

End of data protection declaration

Braunschweig, the 17.08.2020

hauslehmannKLThumb