To fulfil the obligations notably arising from Art. 12 et seq. GDPR, we hereby publish the following informations regarding data protection (data protection declaration).
I. Contact information of the controller
Our office’s lawyers are already obliged to strict data protection by rules of professional conduct as laid down in s. 2 BORA and s. 43 a (2) BRAO. Therefore, every lawyer within our office determines the purposes and means of the processing of personal data by themselves and thus is controller according to Art. 4 (7) GDPR and further data protection regulations.
In addition, we forehandedly also classify the law firm as controller according to Art. 4 (7) GDPR, whose contact information is as follows:
Rechtsanwälte Dr. Linhard, Lehmann & Specht GbR
Adolfstraße 1
D-38102 Brauschweig
Tel: +49 (0)531 220 920
Fax: +49 (0)531 220 92 92
info{at}DrLLS{dot}de
II. Contact information of the person in charge for data protection
To ensure a consitently high standard in data protection we also have as a person in charge for data protection:
Mr. RA Dr. Philipp Lehmann
Adolfstraße 1
D-38102 Brauschweig
Tel: +49 (0)531 220 920
Fax: +49 (0)531 220 92 92
PL{at}DrLLS{dot}de
III. General remarks regarding data processing
1. Terminology
To improve comprehension of commonly used terminology related to data protection, we refer to the following definitions:
a.) Personal data
In accordance with Art. 4 (1) GDPR ‚personal data‘ means any information relating to an identified or identifiable natural person (hereinafter referred to as ‚data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Information which cannot (or can only by involving disproportionate efforts) be attributed to your person, e.g. due to pseudonymisation or anonymisation, by contrast is no personal data but other data.
b.) Processing
As laid down in Art. 4 (2) GDPR, ‚processing‘ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
c.) Controller
In line with Art. 4 (7) GDPR, ‚controller‘ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
d.) Processor
According to Art. 4 (8) GDPR, ‚processor‘ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
e.) Third Party
‘Third party‘ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
f.) further definitions
For further definitions regarding data protection law terminology, please also refer to Art. 4 GDPR.
2. Scope of processing of personal data
As a matter of principle, we process personal data only to the extent necessary to provide a functional website and its contents as well as to carry out our legal services (processing of mandates) and our general office operations.
Personal data are regularly processed only with the consent of the person concerned. An exception is made in those cases in which the processing of personal data is lawful even without the prior consent of the person concerned, in accordance with Art. 6 (1) sentence 1 lit. b -f GDPR.
3. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis.
In the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our law firm is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the person concerned or of another natural person make it necessary to process personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our law firm or by a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.
4. Data erasure and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable.
Furthermore, data may be stored if this has been determined by the European or national legislator in Union regulations, national laws or other regulations to which our law firm or our lawyers are subject. Therefore, personal data collected in the course of the processing of the mandate will be stored until the expiry of the statutory retention period for lawyers (6 years after the end of the calendar year in which the mandate was completed) and deleted thereafter, unless we are obliged to store the data for a longer period of time in accordance with Art. 6 (1) sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from the commercial code, HGB, the criminal code, StGB or the fiscal code, AO) or you have consented to a storage exceeding this period in accordance with Art. 6 (1) sentence 1 lit. a GDPR.
5. Security and safety measures for data protection
We protect your and our stored data in the best possible way against unauthorized access by unauthorized third parties. In doing so, we take various technical, structural and organisational security and safety measures, both in the digital and analogue field, which are regularly checked and adapted to the current state of the art.
However, we are pointing out that due to the internet’s structure it is possible that the rules of data protection are not observed by malicious third parties. In particular, data disclosed in unencrypted form, especially in the context of e-mail communication, can be read and even altered by unauthorised third parties. It is the user’s responsibility to protect the data provided by them against misuse by means of encryption or in other ways.
IV. Data processing via our website (www.DrLLS.de)
1. Website provision and creation of log files
a.) Description and scope of data processing
Whenever you visit our website (www.DrLLS.de), our system automatically collects data and information from the calling computer’s system. The following data are collected:
– Information concerning the browser type and the version used
– The user’s operating system
– The user’s internet service provider
– The user’s IP address
– Date and time of access
The data are also stored in our system’s log files. Not affected by this are the user’s IP addresses or other data which allow the data to be assigned to a user. A storage of these data together with other personal data concerning the user is not intended.
b.) Legal basis of data processing
The legal basis for the temporary storage of data is Art. 6 (1) sentence 1 lit. f GDPR.
c.) Purpose of data processing
The processing of the data mentioned above is necessary for the technical operation of our website. The temporary storage of the IP address in the system is necessary to enable the website’s delivery to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. This logging also serves to detect and correct technical errors on our website. Furthermore, these data are required in order to detect and prevent possible misuse of our website. These purposes also determine our legitimate interest in data processing in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
d.) Duration of storage
The above-mentioned data will be deleted as soon as they are no longer needed to achieve the purpose for which they were collected. If the data have been collected for the purpose of providing the website, this is the case when the respective session has ended. After four weeks at the latest, the remaining data mentioned above will be deleted.
e.) Transfer of data to third parties
A transfer of the above-mentioned data to third parties takes place within the framework of the above-mentioned purposes, i.e. solely in compliance with the data protection regulations concerning processors in accordance with Art. 28 f. GDPR (hosting of the website / web space provider) in order to provide and deliver the website to you.
f.) Right to object and other rights of data subjects
The collection of the aforementioned data in order to provide and deliver our website to you and the storage of the data in log files is essential for the technical operation of our website. The user therefore has no right of objection in this respect.
However, as a user of our website, you are entitled to exercise the other rights of data subjects. You thus have the right:
to access your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, where it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information on the details thereof;
in accordance with Art. 16 GDPR, to obtain without undue delay the rectification of incorrect or the completion of your personal data stored by us;
in accordance with Art. 17 GDPR, to obtain the erasure of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
in accordance with Art. 18 GDPR, to obtain the restriction of the processing of your personal data, where the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer require the data, but you require it for the establishment, exercise or defence of legal claims;
in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller and
to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR, in particular, you can turn to the supervisory authority of your habitual residence or place of work or to our office.
You will find an even more detailed description of your data subject rights below under V. 6.
2. Use of cookies
For our website neither the use of own cookies nor of third party cookies is intended.
3. Payment services and payment procedures
Payment services and payment procedures are not provided for our website.
4. E-mail newsletter
An e-mail newsletter is not planned for us.
5. Social media plug-ins
The use of social media plug-ins is not intended for our website.
6. Registration
A registration option is not provided for our website.
7. Contact form
A contact form is not provided for our website.
8. Advertising and marketing services
No advertising or marketing services are provided for our website.
9. Web analysis
No web analysis is provided for our website. We therefore do not use tools like Matomo (formerly PIWIK) or Google Analytics.
V. Data processing in our office
1. Description and extent of data processing
We also collect personal data when contacting our law firm or one of our lawyers independently of our website. The following information is collected:
Title, first name, surname,
Address,
Telephone number (landline and/or mobile),
E-mail address,
information necessary for the enforcement and defence of rights within the
mandate’s framework and/or for the operation of our law firm.
In the area of personnel administration, additionally recorded data are:
Date of entering and leaving the employment, salary, pension and social security data, bank details, warnings and, if applicable, certificates and documents of application.
Description of the groups of persons concerned:
Interested parties, clients and their respective relatives, employees, customers, suppliers, opponents, courts, authorities, legal expense insurance companies and their respective employees; contractors/service providers of our law firm and our lawyers; our law firm’s lawyers‘ staff.
2. Legal basis for data processing
Insofar as we obtain the data subject’s consent for the processing of personal data, Art. 6 (1) S. 1 lit. a GDPR serves as the legal basis.
In the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) S. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to comply with a legal obligation to which our law firm is subject, Art. 6 (1) S. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) S. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary for the purpose of a legitimate interest pursued by our law firm or by a third party and if the interests or fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) S. 1 lit. f GDPR serves as the legal basis for the processing.
3. Purposes of data processing
The purposes of data processing in our office and by our lawyers are
to identify you as our client;
to be able to adequately advise and represent you as our client;
to correspond with you as our client as necessary;
to issue invoices to you as our client;
to settle any liability claims that may be asserted by you as our client and to assert
any claims against you;
to enable us to identify you as a third party involved in the processing of our
mandate;
for the necessary correspondence with you as a third party involved in our mandate;
for invoicing you as third party involved in our mandate;
to settle any liability claims that may exist on your part as a third party involved in
our mandate and to assert any claims against you;
to identify you as our contractor/service provider;
for the necessary correspondence with you as our contractor/service provider;
for invoicing you as our contractor/service provider;
to settle any existing liability claims by you as our contractor/service provider and to
assert any claims against you;
to identify our law firm’s employees;
the proper performance of respective employment relationships including the
relevant non-disclosure agreements;
to ensure the fulfilment of legal and social security obligations arising from respective
employment relationships.
4. Duration of storage
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage is no longer applicable.
Furthermore, data may be stored if this has been envisaged by the European or national legislator in Union regulations, national laws or other regulations to which our law firm or our lawyers are subject. Therefore, personal data collected in the course of the mandate will be stored until the statutory retention obligation for lawyers expires (6 years after the end of the calendar year in which the mandate was terminated) and deleted thereafter, unless we are obliged to store the data for a longer period of time in accordance with Art. 6 (1) S. 1 lit. c GDPR due to storage and documentation obligations under tax and commercial law (arising from the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO)) or you have consented to further storage in accordance with Art. 6 (1) S. 1 lit. a GDPR.
5. Transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below:
To the extent that this is necessary for the proper performance of the mandate in accordance with Art. 6 (1) S. 1 lit. b GDPR, your personal data will be disclosed to third parties. This particularly includes the transfer to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and for the assertion and defence of your rights. The data transferred may be used by the third party exclusively for the purposes mentioned. The attorney-client privilege remains unaffected. As far as it concerns data which are subject to the attorney-client privilege, a transfer to third parties will only take place in consultation with you.
A possible transfer of data to processors within the context of the correct execution of the mandate will only take place in compliance with the corresponding data protection regulations according to Art. 28 seq. GDPR.
Any transfer of your personal data to persons or international organisations in a third country will furthermore in accordance with the provisions of Art. 49 (1) GDPR only take place on the basis of your consent in accordance with Art. 6 (1) S. 1 lit. a GDPR or to the extent necessary for the proper execution of the mandate in accordance with Art. 6 (1) S. 1 lit. b GDPR.
6. Rights of data subjects
If your personal data are processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights in relation to our law firm and our respective lawyer.
a.) Right of withdrawal
In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to processing your personal data at any time by contacting our law firm or our respective lawyer. The Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
b.) Right of access
In accordance with Art. 15 (1) first half-sentence GDPR, you may obtain a confirmation from our law firm and our respective lawyer as to whether personal data concerning you are being processed by us.
Where that is the case, you may obtain access to the following information from our law firm and the lawyer concerned in accordance with Art. 15 (1), second half-sentence GDPR:
aa.) the purposes of the processing;
bb.) the categories of personal data concerned;
cc.) the recipients or categories of recipient to whom your personal data have been or
will be disclosed;
dd.) the envisaged period for which your personal data will be stored, or, if not possible,
the criteria used to determine that period;
ee.) the existence of the right to request from the controller rectification or erasure of
your personal data or restriction of processing of personal data concerning you by
the controller or the right to object to such processing;
ff.) the right to lodge a complaint with a supervisory authority;
gg.) where the personal data are not collected from the data subject, any available
information as to their source;
hh.) the existence of automated decision-making, including profiling in accordance with
Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on
the logic involved and the scope and intended effects of such processing on the
data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards regarding the transfer in accordance with Art. 46 GDPR.
c.) Right of rectification
In accordance with Art. 16 GDPR, you have the right to obtain from our law firm without undue delay the rectification of inaccurate personal data as well as the completion of incomplete personal data concerning yourself. Our law firm and the lawyer concerned must implement the correction without delay.
d.) Right to erasure
aa.) Obligation to erasure
in accordance with Art. 17 GDPR, you have the right to obtain from our law firm
the erasure of personal data concerning you without undue delay and our law firm
and the lawyer concerned is obliged to erase these data without undue delay
where one of the following grounds applies:
aaa.) The personal data concerning you are no longer necessary in relation to the
purposes for which they were collected or otherwise processed.
bbb.) You withdraw consent on which the processing is based according to Art. 6 (1)
lit. a GDPR, or Art. 9 (2) lit. a GDPR, and where there is no other legal ground
for the processing.
ccc.) You object to the processing pursuant to Art. 21(1) GDPR and there are no
overriding legitimate grounds for the processing, or you object to the processing
pursuant to Art. 2 1(2) GDPR.
ddd.) The personal data concerning you have been unlawfully processed.
eee.) The personal data concerning you have to be erased for compliance with a legal
obligation in Union or Member State law to which our law firm or the respective
lawyer is subject.
fff.) The personal data concerning you have been collected in relation to the offer of
information society services referred to in Art. 8 (1) GDPR.
bb.) Information to third parties
Where our law firm or our respective lawyer has made the personal data relating to you public and is obliged pursuant to Art. 17 GDPR (1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
cc.) Exceptions
The right to erasure does not apply to the extent that processing is necessary
aaa.) for exercising the right of freedom of expression and information;
bbb.) for compliance with a legal obligation which requires processing by Union or
Member State law to which our law firm or the respective lawyer is subject or for
the performance of a task carried out in the public interest or in the exercise of
official authority vested in our law firm or the respective lawyer;
ccc.) for reasons of public interest in the area of public health in accordance with Art.
9 (2) lit. h and i as well as Art. 9 (3) GDPR;
ddd.) for archiving purposes in the public interest, scientific or historical research
purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as
the right referred to in section a) is likely to render impossible or seriously impair
the achievement of the objectives of that processing; or
eee.) for the establishment, exercise or defence of legal claims.
e.) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to obtain the restriction of processing where one of the following applies:
aa.) the accuracy of the personal data is contested by you, for a period enabling the
controller to verify the accuracy of the personal data;
bb.) the processing is unlawful and you oppose the erasure of the personal data and
request the restriction of their use instead;
cc.) the controller no longer needs the personal data for the purposes of the
processing, but they are required by you for the establishment, exercise or defence
of legal claims; or
dd.) you have objected to processing pursuant to Art. 21 (1) GDPR pending the
verification whether the legitimate grounds of the controller override those of the
data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the aforementioned conditions, you will be informed by our law firm and our lawyer concerned before the restriction is lifted.
f.) Notification obligation
If you have asserted the right to rectification or erasure of personal data or restriction of processing with our law firm or our respective lawyer, they are obliged in accordance with Art. 19 GDPR to notify each recipient to whom the personal data concerning you have been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate efforts.
You have the right to be informed of these recipients by our law firm and the lawyer concerned.
g.) Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to our law firm and to our respective lawyer in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from our law firm or one of our lawyers to whom the personal data have been made available, provided
aa.) the processing is based on a consent pursuant to Art. 6 (1) S. 1 lit. a GDPR or Art.
9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) S. 1 lit. b GDPR and
bb.) the processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from our office or from our lawyer concerned to another controller, where technically feasible. The freedoms and rights of others must not be adversely affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in our law firm or in our lawyer concerned.
h.) Right to object
According to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR, including profiling based on those provisions.
Our law firm and its lawyers no longer process the personal data concerning you, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
i.) Automated individual decision-making, including profiling
According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
However, automated decisions and profiling are not used by us anyway.
j.) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of personal data relating to you to infringe the GDPR. Presently, the competent supervisory authority is in particular:
Commissioner for Data Protection of Lower Saxony
Barbara Thiel
Prinzenstraße 5
30159 Hannover
Telefon: 05 11/120-45 00
Telefax: 05 11/120-45 99
E-Mail: poststelle{at}lfd.niedersachsen{dot}de
Homepage: https://www.lfd.niedersachsen.de
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
k.) Assertion of rights of data subjects
If you wish to assert one or several of your rights as a data subject against us or one of our lawyers, you can do so in particular by sending an e-mail to PL{at}DrLLS{dot}de.
End of data protection declaration
Braunschweig, the 17.08.2020