Privacy Policy

This Privacy Policy provides an overview of how we, Vogel Heerma Waitz Partnerschaft von Rechtsanwälten mbB, collect, process and otherwise handle the personal data we may receive about individuals in connection with their use of our website, their job application or our provision of legal services as well as to explain the rights the individuals concerned have in that regard. We process personal data in accordance with the applicable legal provisions governing the protection of personal data, in particular with those of the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (BDSG”).

We change this Privacy Policy from time to time and we therefore encourage you to review it from time to time to ensure that you are consulting the most recent version.

I. CONTROLLER AND DATA PROTECTION OFFICER

The data controller responsible for the processing of personal data under Art. 4 No. 7 of the GDPR is:

Vogel Heerma Waitz Partnerschaft von Rechtsanwälten mbB
Friedrichstraße 165
10117 Berlin
Phone: 030-2062059-0
E-Mail: info@v14.de

If you have any questions about this Privacy Policy or want to exercise your rights set out in this statement, please contact us using the contact details set out above. You may also reach our data protection officer at the same contact details.

II. DATAPROCESSING WHEN VISITING OUR WEBSITE

1. PROVIDING THE WEBSITE AND CREATING LOGFILES

Each time you access our website, we temporarily store the data your browser automatically transmits to our web server in so-called server log files.

These are:

  • the page from which you accessed our website (referrer-URL)
  • date and time of access
  • the amount of data transmitted
  • the IP address of the requesting system
  • browser type and browser version used
  • the operating system used

The temporary storage of this data, in particular the storage of IP addresses, is a technical requirement to allow website access and use and to ensure the security of our systems. We do not assign this data to a specific or identifiable natural person. We also do not create any pseudonymous user profiles with the help of this data. The IP addresses are deleted or anonymized by way of abbreviation as soon as they are no longer required for the aforementioned purposes, at the latest after 7 days following a user´s visit to our website.

The legal basis for this data processing is Art. 6 para. 1 lit. e) GDPR. Our legitimate interest follows from the aforementioned purposes.

2. USE OF COOKIES

2.1 GENERAL INFORMATION

Cookies are small text files that are sent to a user´s browser and stored on the hard drive of the user´s computer or internet enabled device when a user visits a website. Cookies can be used to store unique identifiers consisting of a string of characters that enable a website to recognize a browser on the user’s next visit. Cookies can store various information, such as browser type, operating system used, language settings and other personal settings as well as information on user behaviour, such as the frequency of visits and links clicked.

Most browsers automatically accept cookies. However, you can configure your web browser to reject or delete cookies or to be informed if a cookie is installed. For more details please use the “help” option in your internet browser.

On our website, we use cookies for analytics purposes only (see section II.2.2 of this Privacy Policy).

2.2 WEB ANALYTICS SERVICE MATOMO

We use the web analytics service Matomo (formerly Piwik), an Open-source software which is designed to capture visitor access for anonymous statistical evaluation. Whenever you visit our website, Matomo will apply cookies to analyze your user behavior during your visit. The cookies also capture the frequency of your visits and provide us generally with the total number of users to our website. Any information so collected will be transferred to our server. We use the information exclusively to optimize and further develop our website. The cookies have a maximum lifetime of 7 days.

We only use Matomo with active IP anonymization. This means that the IP addresses of users will be abbreviated by 2 bytes before their data is transmitted to our server (e.g. 192.168.xxx.xxx). We therefore do not have access to any data that could enable us to identify individual visitors to our website.

If you do not agree with the capture and statistical evaluation of your visit to our website, please uncheck the checkbox at the end of this paragraph. A Matomo deactivation cookie will then be stored in your browser, which prevents the collection of any data from your browser by Matomo. If you delete this deactivation cookie, use a different browser or change the device, you must uncheck the checkbox again. Please also note that such “opt-out cookies” are only effective if you have configured your browser to generally permit the use of cookies.

Our legal basis for the processing of personal data for analytics purposes by using Matomo is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in analyzing the use of our website for optimization purposes.

3. CONTACTING US

When you contact us by e-mail, we will store the personal data that you voluntarily disclose to us (e.g. your e-mail address, name and/or other contact data) on our mail server and process such data for processing your enquiry only. As a rule, we store such data only for the duration of the respective communication and as long as any possible claims arising out of this context are not yet statute-barred, unless there are longer statutory retention periods in individual cases. The communication shall be deemed to have ended if it can be inferred from the circumstances that the matter in question has been clarified. The legal basis for the processing of personal data in this context is
Art. 6 para. 1 lit. f) GDPR. Our legitimate interest derives from the aforementioned purposes.

Where enquiries relate to the establishment of a client relationship, we process any related personal data in accordance with section IV. of this Privacy Policy.

III. DATA PROCESSING IN CONNECTION WITH JOB APPLICATIONS

When you apply for a job position with us, we process the information voluntarily provided by you, for example your first and last name, contact details as well as the information contained in your files such as cover letters, curricula vitae and certificates. In addition to your contact details, information about your qualifications, work experience and skills is of particular relevance to us.

We treat all application data confidential and only disclose such data to persons within our firm who are involved in the respective recruitment process. However, we would like to point out that if you do not use encryption technology at your end, e-mails will not be encrypted end-to-end. Thus, we cannot guarantee confidentiality of applications sent by e-mail. As a rule, you can also apply for a position by post or in person.

We solely process your application data for the purpose of processing your job application and to assess whether your skills and qualifications meet our requirements. If we are of the opinion that you are suitable for a position within our firm, we will contact you and conduct one or more job interviews.

The legal basis for the processing of your application data is Art. 6 para. 1 lit. b) GDPR and Art. 88 para. 1 GDPR in conjunction with section 26 para. 1 sentence 1 BDSG.

If your application is successful and you become employed by us, we will keep your application data for as long as it is necessary for the employment relationship and insofar as we are legally required to retain it. The legal basis for this processing is again Art. 6 para. 1 lit. b) GDPR and Art. 88 para. 1 GDPR in conjunction with section 26 para. 1 sentence 1 BDSG. If your application is unsuccessful, we will keep your application data for a maximum of 6 months after rejection of your application to defend ourselves against possible legal claims arising out of the application process. The legal basis for this retention is Art. 6 para. 1 lit. f) GDPR. The legitimate interest is the burden of proof in a potential trial.

If you have given your consent to be added to our talent pool, we will keep your application data for a period of up to 2 years following your last application to contact you about future vacancies. The legal basis for this retention is Art. 6 para. 1 lit. a) GDPR. You can revoke your consent in that regard at any time before the expiry of the specified period by sending us a letter by post or contact us via e-mail at info@v14.de or jobs@v14.de.

As a rule, we do not request any special category of personal data within the meaning of Art. 9 GDPR, i.e. personal data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership or biometric data, data concerning health or a natural person’s sex life or sexual orientation. We therefore ask you to not provide us with any such data. If such information should be relevant in exceptional cases, we will inform you accordingly.

IV. PROCESSING OF PERSONAL DATA IN CLIENT RELATIONSHIPS

1. PERSONAL DATA OF OUR CLIENTS AND THEIR LEGAL REPRESENTATIVES

We generally process the following personal data when we receive an initial request from our clients or prospective clients and/or their legal representatives:

  • contact information of the requesting party and any other persons involved in the matter, in particular their first and last names, job titles, company and company name, addresses, telephone numbers (landline and/or mobile), e-mail addresses,
  • payment information, e.g. tax identification numbers and VAT numbers of the client, and
  • personal data contained in other information a client or prospective client provides to us in connection with our provision of legal services to such client or prospective client.

In the course of our engagement, we may store and collect further information, including personal data that is necessary or useful for the provision of our services for which our clients have engaged us. In addition, we may process – to the extent necessary for the provision of our services – personal data which we permissibly obtain from publicly accessible sources (e.g. trade and association registers, internet, press) or which is transmitted to us by third parties (e.g. contractual partners and their representatives).

We process this personal data exclusively for the purpose of establishing, performing and executing our obligations in accordance with any contract that we may have with our clients, to ensure that there are no conflicts of interest with other client matters and that we provide our services in the best way we can and to comply with our legal obligations as lawyers as well as to enforce our legal rights or defend against legal claims.

The legal bases for this processing are Art. 6 para. 1 lit. b) GDPR, Art. 6 para. 1 lit. 1 c) GDPR and Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the aforementioned purposes.

2. PERSONAL DATA OF RELATED PARTIES

In the course of providing our services to our clients, we may also process personal data of third parties, in particular of employees, service providers and other contractual and business partners of our clients as well as their representatives and advisors, of notaries, judges, bailiffs, counterparties and their representatives as well as translators. The data processed includes in particular:

  • contact data (names, addresses, telephone and fax numbers, e-mail addresses, etc.), and
  • information relating to client matters, which may also contain personal data.

Such data may be collected directly from the persons concerned or gathered indirectly by other means. In any case, however, all data is collected exclusively for the purpose of providing our services to our clients.

The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the proper and effective provision of legal advice and representation services to our clients.

3. RETENTION PERIOD

We process personal data in the context of a client relationship only for as long as

  • this is required or appropriate for the provision of our services to a client,
  • this is required under applicable law, and/or
  • possible claims from our business relationship are not yet statute-barred.

The retention period for attorneys’ files is currently 6 years, beginning at the end of the calendar year in which the respective client relationship ends. In addition, the general statutory tax retention periods apply (10 years). In the case of long-term client relationships, we often store information relating to a completed transaction beyond these statutory retention periods to be able to take into account this information in respect of current and future matters or to be able to provide our clients with information on this at a later point in time. In some cases it may also be appropriate to store data and documents for the purpose of asserting or defending claims to the extent that such assertion or defense remains possible under section 195 et subseq. of the German Civil Code (BGB). Furthermore, we will permanently retain personal data that is still required for the monitoring of a conflict of interests. This includes the name of the client, if applicable the name of the opposing party, the name of the lawyer in charge and a brief description of the subject matter of the mandate.

The legal bases for the storage of personal data correspond to the legal bases mentioned under section IV.2 of this Privacy Policy.

V. CATEGORIES OF RECIPIENTS OF THE PERSONAL DATA

With regard to the transfer of data to recipients outside our law firm, we would like to point out that we are obliged to maintain confidentiality in respect of all client-related facts of which we become aware (obligation to maintain secrecy pursuant to section 43a para. 2 of the Federal Lawyers´ Act (BRAO) and section 2 of the Rules of Professional Practice (BORA)). This does not apply to facts which are public knowledge or whose significance does not require secrecy.

In addition, we only disclose personal data to recipients outside our law firm to the extent that:

  • the data subject has given his/her consent (Art. 6 para. 1 lit a) GDPR),
  • this is necessary for the preparation or performance of a contract with the data subject (Art. 6 para. 1 lit. b) GDPR),
  • we are legally obliged to disclose such information (Art. 6 para. 1 lit. c) GDPR), or
  • the disclosure is necessary to protect our legitimate interests or the legitimate interests of our client or another third party and there is no reason to assume that the data subject has an overriding legitimate interest in not disclosing his or her data (Art. 6 para. 1 lit. f) GDPR).

The following categories of recipients are particularly relevant in the context of a client relationship: contractual partners of our clients and their representatives, notaries, courts, authorities, bailiffs, counterparties and their representatives and translators.

We also use IT service providers in accordance with Art. 28 GDPR. Such IT service providers may process personal data solely for the performance of their duties and in accordance with our instructions. For the hosting of our website, we use servers of STRATO AG based at Pascalstraße 10, 10587 Berlin, Germany.

VI. TRANSFER OF PERSONAL DATA TO RECIPIENTS IN THIRD COUNTRIES

We do not transfer personal data of visitors to our website or job applicants to recipients in third countries outside the European Economic Area.

In the context of a client relationship, we only transmit personal data to recipients in countries outside the European Economic Area on of the following conditions:

  • the data subject, in particular a client, has explicitly consented to the proposed transfer (Art. 49 para. 1 sentence 1 lit. a GDPR),
  • the transfer is necessary for the formation and/or performance of a contract between ourselves and the data subject (in particular where such data subject is a client) or the implementation of pre-contractual measures taken at the data subject´s request (Art. 49 para. 1 lit. b) GDPR),
  • the transfer is necessary for the conclusion or performance of a contract concluded between ourselves and a third party (being another natural or legal person) and with such contract being in the interest of the data subject, in particular where such data subject is a client, (Art. 49 para. 1 lit. c) GDPR), or
  • the transfer is necessary for the establishment, exercise or defense of legal claims (Art. 49 para. 1 lit. e) GDPR).

The recipients correspond with the categories of recipients listed under section VI. of this Privacy Policy.

VII. DUTY TO PROVICE PERSONAL DATA

Individuals are not obliged to provide us with personal data outside of a client relationship. However, we can only respond to enquiries or process a job application if we are allowed to contact the respective individual and if we are provided with certain information. In the context of a (potential) client relationship, we are not able to advise and represent a natural or legal person, unless such person provides us with certain data relating to the relevant matter that may also contain personal data.

VIII. NO AUTOMATED DECISION-MAKING

We do not make use of automated decision making within the meaning of Art. 22 GDPR.

IX. YOUR RIGHTS

With regard to our processing of your personal data, you are entitled to the following rights free of charge:

1. RIGHT OF ACCESS PERSUANT TO ART. 15 GDPR

You have the right to request information from us as to whether and, if so, how we process your personal data. Upon request, we will provide you with a digital copy of this data. Please note that we are not in a position to assign any data collected through the Matomo web analytics service (cf. section II.2.2 of this Privacy Policy) to individual persons. Accordingly, we cannot provide any information on this data.

The aforementioned right to information may be limited or excluded under certain legal conditions. In particular, according to section 29 para. 1 sentence 2 BDSG, there is no right to information which has to be kept confidential due to a legal provision, its nature or an overriding legitimate interest of a third party. Relevant legal provisions in this context are section 43a para. 2 BRAO and section 203 para. 1 no. 3 of the German Criminal Code (StGB). In case of an enquiry, we will highlight any limitations where applicable.

2. RIGHT TO RECTIFICATION AND ERASURE PURSUANT TO ART. 16 AND 17 GDPR

You have the right to obtain rectification of inaccurate or incomplete personal data and –  if the legal requirements are met – erasure of your personal data. We are, among other things, obliged to erase such data if it is no longer required for the purpose for which it was collected or otherwise processed, or if you withdraw your consent. The aforementioned right to erasure may be excluded under certain legal conditions (see Art. 17 para. 3 lit. e) GDPR). In particular, you do not have the right to erasure if the processing of your personal data is necessary to establish, exercise or defend legal claims.

3. RIGHT TO RESTRICTION OF PROCESSING PURSUANT TO ART. 18 GDPR

In certain circumstances, such as where you contest the accuracy of your personal data, you have the right to ask us to restrict the processing of such data.

4. RIGHT TO WITHDRAW CONSENT PURSUANT TO ART. 7 PARA. 3 GDPR

If you have given your consent to the processing of your personal data (e.g. in order to be added to our talent pool), you have the right to withdraw your consent at any time. Where there is no other legal ground for the processing, we will erase the relevant data promptly. The legality of processing activities prior to any consent withdrawal will be unaffected by such withdrawal.

5. RIGHT TO OBJECT PURSUANT TO ART. 21 GDPR

Pursuant to the provisions of Art. 21 para. 1 GDPR, you also have the right to object at any time to our processing of your personal data on the basis of grounds relating to your particular situation. The aforementioned general right of objection applies to all processing purposes described in this Privacy Policy which are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. If you make use of your right to object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing, which override your interests, rights and freedoms, or which are necessary for the establishment, exercise or defense of legal claims.

6. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY PURSUANT TO ART. 77 GDPR IN CONJUNCTION WITH SECTION 19 BDSG

If you believe that we are processing your personal data in violation of the GDPR or other data protection laws, you also have the right to lodge a complaint with a competent supervisory authority. In particular, you may contact the supervisory authority responsible at your place of residence or state, or the supervisory authority responsible for us. The supervisory authority responsible for us is the:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Phone: 030 13889-0
Fax: 030 2155050
E-Mail: mailbox@datenschutz-berlin.de

 

Last updated: 18 February 2019