Personal data / Data subject
Personal data means any information relating to an identified or identifiable natural person (“data subject”); a natural person is considered as being identifiable, directly or indirectly, in particular if this natural person can be identified by means of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
This includes, for example, a court file number because the court can thereby establish a personal reference to the parties. An IP address is an address in computer networks that, like the internet, is based on Internet Protocol (IP). It is assigned to devices that are connected to the network, making the devices addressable and thus accessible; an IP address is also personal data.
A data subject is either you as a client, as a person who contacts us, or as a contact person in a company with whom we have a client relationship. A data subject can also be the opponent or a person about whom information is processed as part of the client relationship.
Legal confidentiality obligation
We are obligated to confidentiality. This obligation covers everything that has become known to us in the practice of our profession. The persons employed by us are also obligated to confidentiality. This also applies to persons who participate in our professional activity as part of career preparation or another auxiliary activity.
In line with the GDPR, this also applies to the use of legal services per se.
If we have data processed on our behalf, we are obliged to conclude a special agreement with the service providers for commissioned data processing and to have the service provider prove that they have implemented appropriate security measures, Art. 28 GDPR. However, not every use of service providers is subject to Art. 28 GDPR. Each time we use service providers, we check whether Art. 28 GDPR applies or not.
With service providers who are headquartered outside the European Union or outside the Member States recognised by the European Commission as secure third countries, such as Iceland, Liechtenstein, Norway or Canada, we apply the current standard contractual clauses of the European Commission in the client-contractor (controller-processor) relationship.
No commissioned processing
As freelancers, attorneys do not wok within the framework of commissioned processing according to Art. 28 GDPR.
Legality of processing
Data processing is only lawful if, in particular:
- The processing is necessary for the performance of a contract of which the data subject is a party, or for the performance of pre-contractual measures which are carried out at the request of the data subject (Art. 6 (1) (1) (b) GDPR);
- Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail, in particular where the data subject is a child (Art. 6 (1) (1) (f) GDPR), or
- The data subject has consented to the processing of the personal data concerning them for one or more specific purposes (Art. 6 (1) (1) (a) GDPR).
Art. 6 (1) (1) (b) GDPR generally provides the legal basis for clients as data subjects; Art. 6 (1) (1) (f) GDPR applies for other persons such as opponents.
Objection and revocation
In the event of an objection to data processing, the data processing on the basis of a legal basis is considered permissible until you submit an objection. An objection is particularly relevant for data processing which is based on Art. 6 (1) (1) (f) GDPR. In the event of an objection, we have a right to scrutinise whether legitimate reasons for data processing take priority. In this event, the data processing will be restricted at your request.
If you have given consent to data processing, you have a right to revoke your consent. Our data processing is based on consent only if we inform you of this explicitly or if you have to declare your consent explicitly.
Objections and revocations can be directed to Datenschutz@reme.de.
We store your data as long as we need it to carry out the client relationship. Due to tax regulations, we are obliged to store billing and payment data for a period of ten years, e.g. § 14b Value Added Tax Act https://www.gesetze-im-internet.de/ustg_1980/__14b.html
You have the following rights with respect to your personal data:
- Right to information,
- Right to access,
- Right to correction or deletion,
- Right to testriction of processing,
- Right to data portability,
- Right to objection and revocation.
When contacting us by email, we store all the necessary data to answer your request. Emails are stored for 3 years on our servers; further use of the email address, also for advertising purposes, is excluded unless you enter into a client relationship with us.
If you contact us by telephone, information such as your telephone number and information about your request may be stored with us. Your telephone number will be stored on the telephone system, if you transfer it, and will be regularly overwritten.
If you enter into a client relationship with us, we store all information arising in the context of the client relationship in our attorney software and in the client’s file in paper form. The services used for the attorney software are are carried out by a service provider, with whom we have concluded a corresponding commissioned processing agreement, Art. 28 GDPR.
After termination of the client relationship, the files are archived; this is done by an external service provider. We have concluded a commissioned processing agreement with them, Art. 28 GDPR.
All documents you have submitted to us remain your property. As a matter of principle, you have a right to surrender of the documents upon termination of the client relationship.
The possible recipients of your data are, for example, courts or opposing lawyers.
In the interest of a quick processing, we communicate regularly by email. The email communication is unencrypted, unless you explicitly desire a different means of communication.
We operate our servers, on which personal data from the client relationship is processed, in-house. The exchange server for email communication is operated externally.
We use an encrypted communication method (https) on our website so that you can use the information on our website without disturbance. “Https” stands for “secure hypertext transfer protocol” and allows for secure transmission of data.
Session cookies are used by the servers to store information about a visitor’s activities on a website. Cookies act as a kind of bookmark within the website. The connection is stored in a cookie the entire session until you close the website or log out. Then the cookie will be removed automatically.
Persistent, permanent or tracking cookies are used regularly to save visitors’ preferences, depending on your settings.
You can configure your browser settings according to your wishes and, for example, reject the acceptance of some cookies or all cookies.