Data Protection Information
We would like to give you information and advice on how NORDEMANN processes personal data. The advice concerns the use of our website and processing of personal data by NORDEMANN in the course of its legal practices.
The data controller is Nordemann Czychowski & Partner Rechtsanwältinnen und Rechtsanwälte mbB, Helene-Lange-Straße 3, 14469 Potsdam (hereinafter „NORDEMANN“).
Do you have any questions relating to data protection? We will be happy to answer them. You can contact our Data Protection Officer (DPO) at firstname.lastname@example.org and at +49 331 27543-0.
1. Data Processing when visiting our website at nordemann.de
During your visit to our website, we collect and process information which you send to us through technically automated means and/or personal data which you send to us voluntarily.
Automated processing of data when using the website
We automatically process the following information every time you visit our website:
- The IP address of your computer or other end device (e. g. tablet or smartphone) and the request(s) sent by your browser
- the volume of data transmitted, the type and version of browser used, the screen resolution and the operating system used.
The IP address and information on the request(s) from your internet browser are necessary, for technical reasons, for you to visit and use the website; without this data being processed, webpages cannot be accessed and cannot be displayed. The processing of the IP address is anonymised by way of abbreviation or deleted once it is no longer required for technical reasons for you to access/use the website.
Information on the volume of data transmitted, the type and version of browser used, the screen resolution and the operating system used is collected and processed in order to optimise how content is displayed, determine the system capacity and make future modifications and improvements to the website, on the basis of statistical analyses (where applicable).
The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest in processing the relevant data is that it makes accessing the website technically possible, optimises how the content is displayed for the user and enables the continued improvement/optimisation of the internet service in the future.
We do not use any cookies. This is why our website does not pop up a cookie banner.
Data Processing when submitting job applications
The data you provide us with in the context of your job application will be processed exclusively for the purpose of processing this application.
The documents submitted by you in the course of your job application may contain personal data within the meaning of Article 9 of the GDPR, i. e. personal data belonging to the special categories of data, also referred to as “sensitive data”, revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
We recommend that, as a matter of principle, you do not submit any personal data that falls under these special categories. In the event that you nevertheless wish to submit documents to us that contain such data, we ask for your express consent to process this data for the purpose of processing your application. You are free to decide whether you wish to give us this consent, and you may revoke it at any time. The revocation of your consent does not affect the legality of any processing that has taken place prior to the revocation on the basis of your consent. However, we would like to point out that in the event that your application has led to employment, further processing of the sensitive data which is (also) contained in the application may be necessary for the purposes of carrying out the obligations and exercising specific rights in the field of employment and social security and social protection law, and may therefore be justified under Art. 9 Para. 2 lit. b GDPR even without your consent.
Please also note that your application cannot be considered if your application documents contain sensitive data and you do not consent to their processing or revoke your consent. In this case you are welcome to resubmit your application without this data.
If the application leads to employment, the data will be transferred to your personal file. If the application is unsuccessful, the data will be automatically deleted after a period of four months from the date of rejection, unless longer storage is justified in individual cases, in particular with regard to the duty of proof under the German General Act on Equal Treatment. If you expressly agree to a longer storage of your data, e.g. for including your application in an application database, the data will then be further processed based on your consent. However, you can of course revoke your consent at any time by making a declaration to us with effect for the future.
The legal basis for the processing of the general personal data contained in the application is § 26 para. 1 BDSG in conjunction with Art. 88 GDPR (no matter if an employment relationship is established). Insofar as the application contains sensitive data, the relevant processing is carried out on the basis of your consent in accordance with Art. 9 para. 2 lit. a GDPR; in the case of an employment relationship, the relevant processing of this sensitive data is carried out on the basis of Art. 9 para. 2 lit. b GDPR and Art. 26 para. 3 BDSG. The legal basis for possible processing for a period longer than four months after rejection is Art. 6 para. 1 lit. f GDPR and Section 24 para. 1 no. 2 BDSG. The legitimate interest lies in particular in legal defense or enforcement.
In the event of a rejection of the application and your consent to further processing beyond four months, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
2. The processing of personal data when providing legal services
In the following, we inform you about the type, extent and purpose of data processing by NORDEMANN when providing our legal services.
The processing of personal data relating to clients
When we receive an instruction to act as attorneys, we collect and process the name, address and other contact information (e. g. email addresses, telephone and fax numbers etc.) of the requesting party as well as information related to any facts provided by them, which could also contain personal data. During the course of working on client matters, further personal data could also be stored. Generally, all data, including personal data, is collected and processed by NORDEMANN in software for attorneys into electronic client and case files.
The collection and further processing of this data is carried out for the purposes of establishing and performing the contract of engagement and to carry out pre-contractual steps at the request of the Data Subject, as well as for the purposes of billing the services provided.
The legal basis for this processing of data is Art. 6 (1), first sentence, (b) GDPR.
The processing of personal data relating to third-parties
In the course of providing its services, NORDEMANN also processes personal data of third parties, e.g. those of opposing parties, representatives of opposing parties, contact persons in public authorities, courts and service providers, business contacts etc. This includes in particular contact data (names, addresses, telephone numbers and fax numbers, email addresses etc.) as well as information relating to client matters, which could also contain personal data. Some of this data is collected directly from the data subjects, some is collected by other means, specifically for the purpose of
- providing legal advice and representation services to clients of NORDEMANN, including the related correspondence and documentation,
- for the purpose of business communications and in relation to establishing a possible working relationship in the future (e. g. processing contact details of translators, research institutes or other service providers; personal contact details in the course of prior business encounters etc.) or expected other future contacts (e. g. representatives of opposing parties, contact persons in public authorities, courts etc.).
The processing operations may, depending on the situation and constellation, be based on different legal grounds, in particular Article 6 (1) s. 1 lit. f GDPR. The legitimate interest is in the proper and effective provision of legal advice and representation services to clients. Furthermore, the processing may also be based, for example, on Art. 6 (1) s. 1 lit. c GDPR if it is necessary to fulfil a legal obligation, or on Art. 24 para. 1 no. 2 BDSG if this is necessary to assert, exercise or defend civil law claims. To the extent that contractual agreements exist between the data subject and NORDEMANN and the processing of personal data occurs in the performance of those agreements, the basis for that processing is Art. 6 (1) first sentence (b) GDPR.
Recipients of personal data
In the course of the handling of client matters, personal data is sent to service providers who process that data for a specific purpose on behalf of NORDEMANN within the meaning of Art. 28 GDPR on the basis of a contractual agreement for third party processing as per Art. 28 (3) GDPR. Primary examples of this are IT service providers, in particular in respect of the attorney software and technical infrastructure used, and service providers for financial bookkeeping and accounting. All service providers engaged by NORDEMANN have signed a contractual agreement with NORDEMANN in which they undertake to maintain confidentiality where they come into or could come into contact with information covered by a confidentiality undertaking.
Depending on the type of client matter, personal data may also be transferred in the course of working on the matter to third parties who are not processors. This may include, in particular, recipients in the following categories: opposing parties and representatives thereof, courts, authorities, bailiffs, correspondence attorneys and external counsels, translation providers, research providers, consulates, embassies etc. Such a transmission to third parties will only occur if and to the extent that
- the transmission is necessary for the performance of the contract of engagement (legal basis: Art. 6 (1) first sentence lit. b GDPR) or
- this is covered by the client’s consent (legal basis: Art. 6 (1) first sentence lit. a GDPR), or
- the transmission of data is required to preserve the legitimate interests of NORDEMANN or a third party, in particular a client, and these are not overridden by the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data (legal basis: Art. 6 (1) first sentence lit. f GDPR).
Transfer of data to third countries
In connection with the work on client matters, personal data may be transmitted, depending on the individual case concerned, to third countries, namely countries outside the European Union and the European Economic Area (EEA), or international organisations (e. g. authorities, opponents and their representatives, correspondent attorneys etc.). This includes transmission to countries in relation to which the European Commission has not decided that the country ensures an adequate level of protection (Art. 45 (3) GDPR) and possibly also transfers for which no safeguards under Art. 46 GDPR are provided.
To the extent that an adequacy decision has not been adopted and/or suitable safeguards have not been provided, a transmission of that kind will only be made in exceptional cases as per Art. 49 (1) first sentence GDPR, in particular if and to the extent that
- this is necessary for the performance of the contract of engagement between the client and NORDEMANN or to carry out precontractual steps at the request of the client,
- this is necessary for the conclusion or performance of a contract entered into in the interests of the client by NORDEMANN with another natural or legal person,
- this is necessary for the assertion, exercise and defence of legal claims,
- an express consent within the meaning of Art. 49 (1) first sentence lit. a GDPR, or
- the transmission is from a register within the meaning of Art. 49 (1) first sentence lit. g GDPR (e. g. the German Trade Mark and Patent Register).
Duration of retention
The mandatory retention period for files by attorneys at law and patent attorneys is currently six years, commencing upon expiry of the calendar year in which the concrete case ended; moreover, the general tax and/or commercial retention periods apply. NORDEMANN will store the personal data related to clients and client matters for at least the duration of these time limits.
In addition, NORDEMANN will, in individual cases, processes, on the basis of Art. 6 (1) first sentence lit. f GDPR, personal data related to clients and client matters also beyond these statutory retention periods, to the extent that this is appropriate and necessary, in particular in the case of open ended client relationships, for the ongoing maintenance, monitoring, preservation and defence of intellectual property rights and other legal interests. In this regard, in the case of open ended client relationships, the data related to individual matters will not be deleted prior to the end of the client relationship to enable information from completed matters to be taken into acount in respect of the advice on current and future matters. Moreover, processing beyond the statutory data retention periods is carried out for the purpose of identifying and preventing so-called conflicts of interest when before working on new cases as well as for providing information to clients, including in relation to concluded matters.
Contact data not related to a specific client and/or client matter, concerning, for example contact persons at service providers (e. g. research providers, translators, survey institutes etc.) is stored for as long as this is needed for the purposes described above.
Your rights and final information
a) You have the right to request confirmation from NORDEMANN on whether personal data concerning you is processed. If this is the case, you have a statutory right of access to information regarding this personal data (Art. 15 GDPR in conjunction with Sec. 34 German Federal Data Protection Act (BDSG)). A right of access does not exist, however, in the derogations stipulated in Sec. 27 (2), Sec. 28 (2), Sec. 29 (1) second sentence and Sec. 34 (1) BDSG. In particular, there is no right of access to information to the extent that the granting of access would lead to a disclosure of information which must be kept secret due to a legal provision or due to its inherent nature, in particular due to an overriding legitimate interest of a third party (Sec. 29 (1) second sentence BDSG).
b) You also have the right to request that inaccurate personal data be rectified and where applicable – taking into account the purposes of the processing – incomplete personal data be completed, including by means of a supplementary statement (Art. 16 GDPR). Moreover, in the cases laid out in Art. 17 (1) (a) to (f) GDPR, you have a right to request that personal data be deleted, provided no exception as per Art. 17 (3) GDPR applies, as well as that the processing be restricted in the cases laid out in Art. 18 (1) GDPR. There is also a right to have data portability ensured in the cases laid out in Art. 20 (1) GDPR.
c) You have the right to appeal to the competent supervisory authority, if you are of the opinion that the processing of your personal data violates the GDPR.
d) The right to object to processing on the basis of legitimate interests: To the extent the processing of data is based on Art. 6 (1) (f) GDPR (“legitimate interests”), you have the right, under Art. 21 GDPR, to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you. In the case of an objection, NORDEMANN will no longer process the personal data, unless
- the processing serves the assertion, exercise or defence of legal claims or
- NORDEMANN can prove necessary, legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject.
e) An automated decision-making does not take place.
f) There is no legal or contractual obligation to provide NORDEMANN with personal data. However, you may be required to do so if, for example, NORDEMANN asserts a justified legal or contractual right to information on its own behalf or on behalf of its clients. Further, the provision of personal data is required to establish a client relationship with NORDEMANN.
This Data Protection Policy was last updated on January 2020 and may in future be modified according to changing circumstances, in particular to conform to amendments to legal requirements, the practice of public authorities or case law. The latest version can always bee read at www.nordemann.de/data-protection.
Version: January 2020