In this data protection notice Oppenhoff & Partner Rechtsanwälte Steuerberater mbB, Konrad-Adenauer-Ufer 23, 50668 Köln, Telefon: +49 (0) 221 2091-0, Email: firstname.lastname@example.org, (hereinafter “we”, “us”) wish to inform you how we as the controller pursuant to data protection law process your personal data during your visit to our website, as part of a client relationship and for applications.
1. Which personal data about you do we collect?
2. What do we use your personal data for, on what legal basis and for how long?
3. Transfer of the data
4. Cookies and web analysis
7. Your rights to information, correction, blocking or deletion
8. Data protection officer
Personal data covers all information about a specific or specifiable natural person which you notify to us or which is generated or collected by us. We collect the following personal data:
1.1 Processing for the use of our website
Content data on the use of our website: If you send general or specific enquiries to us using the contact form or email addresses provided on our website, or if you register for our newsletter using the respective form, we will process the data you inserted in our form and any information you provided to us.
Server log data: When you use our websites, data on your usage (such as the date and time of your visit, pages called up and files requested, type and version of the web browser used by you, type and operating system of the end device you use as well as your IP address) is temporarily stored in a log file on our server.
1.2 Processing in the course of a client relationship
Client relationship data: When you request our legal or tax advice or retain our services, we will process the personal data required to handle your matter to the extent necessary, in particular personal data on our clients (to the extent our client is a natural person) and on any opponents and other parties involved, their respectively employees and corporate organs, as well as any other data that are contained in documents relevant to the case, in particular our files.
1.3 Processing in the course of applications
Job applicant data: When you apply for a position with our firm, we process in particular your contact details, CV, application letter, letters of reference, and internal interview notes. We fundamentally do not collect or process any special categories of personal data such as health data, unless you have voluntarily provided us with such information, for example in order to enable us to consider any statutory obligations (e.g. in case of a severe disability).
2.1 Your enquiries on our website
Should you submit enquiries to us via a contact form or per email, we process the information given therein to answer your query as well as the IP address and date/time of the request in order to avoid misuse of the contact form.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in answering to your query. If your query concerns the initiation or processing of a client relationship, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
You may oppose the processing of your data on grounds of Art. 6 (1) lit. f GDPR. In this case, upon proving mandatory reasons for the processing we can continue the processing. This can, in such case, be particularly necessary in order to prove past queries and communications with you. If no such mandatory reasons exist, we will cease the processing of your data and delete already collected data.
This data will be deleted when our communication with you or the respective relationship established by your enquiry has ended, i.e. when the factual situation at issue has been conclusively clarified and no further legitimate interest exists for the storage, respectively no further statutory obligations exist to store such data.
2.2 Advertising and product development (user data, newsletters, etc.), right to object
We also wish to use your data to inform you about our legal and tax advice (advertising) or to improve our product offers and services (product development).
2.2.1 Anonymised usage data
We use the anonymised and/or aggregated data collected with the aid of analysis tools, to be able to understand the surfing behaviour of all visitors and therewith improve the design of our website and of our product range in general. For details of the analysis tools, see point 4 below.
2.2.2 Direct marketing
On our website, you may subscribe to our newsletter, which is free of charge. The data collected upon subscription will be processed (the data provided in the mandatory fields are indispensable for receipt of the newsletter, data in the voluntary fields only serve the purpose of a more personalised selection of the displayed information). You can also give us you consent by different means.
We will contact you by email with information on legal developments, our advice, legal and other events that may be personally tailored to you and your interests on the basis of your explicit consent and in accordance with the choices you may have made when subscribing for the newsletter on our website.
If we receive your e-mail address in connection with the provision of legal and tax advice to you or the organisation you represent, and you have not contradicted this, we reserve the right to regularly send you offers on similar legal and tax advice by e-mail. You can oppose this use of your e-mail address at any time by notification to the contact details set out below or via a link contained in the advertising mail for such purpose, without this incurring any charges other than the transmission costs according to the basic rates.
In this context, we will also process data on your user conduct after we have sent you emails (e.g. click behaviour).
By telephone, we will only contact you with your respective express consent (or assumed consent in case of business contacts) with information, offers and promotional offers regarding information on legal developments, our advice, legal and other events related to our legal and tax advice that are personally tailored to you and your interests and use.
Also without consent, we may inform you where appropriate within the legally permissible scope by written mail advertising about our legal and tax advice.
Also without consent, we may inform you where appropriate within the legally permissible scope by written mail advertising about our legal and tax advice.
You may at any time wholly or partially object to the use of your personal data for advertising and product-development purposes as well as the ensuing contact for such purposes in a specific form or may revoke any consents you may have granted. Please use the corresponding functions that are already provided for your use (e.g. the unsubscribe function in your personal customer account) or address a corresponding written notification (reference: data protection) to the contact details given in clause 8 or per email to: email@example.com.
The legal basis for the processing is in case you have given your consent Art. 6 (1) lit. a GDPR and otherwise our legitimate interests (Art. 6 (1) lit. f GDPR, where applicable in connection with Sec. 7 para. 3 German Unfair Competition Act (UWG).
This data will be deleted by us following your objection, respectively revocation of any consents given, or otherwise upon the end of your use at the latest, respectively it will only be stored in aggregated, anonymised form. To the extent necessary, we will store the fact that you have objected in order to prevent you being contacted further.
2.3 Provision of the website and rendering of services
The processing of the server log data is necessary for technical reasons in order to provide the website and render the services and thereafter to ensure the system security.
The legal basis for the processing is our legitimate interest in providing the website with our services (Art. 6 (1) lit. f GDPR). The processing is a mandatory prerequisite for the use of our website.
This data is deleted after 14 days at the latest.
2.4 For the provision of legal and tax advice
The client relationship data will be processed by us for purposes of accepting a matter (including a check of conflicts of interests, money laundering, etc.), for our terms of engagement, in order to provide legal and tax advice, including the preparation of the work results owed to the client, for purposes of keeping the professionally required files, and for communicating with the clients and third parties (e.g. courts, authorities, other advisors, the opponent), as well as for invoicing our services.
Legal bases for processing personal data can, depending on the case, be (a) the initiation or performance of a contract with you as a natural person, whereby the scope and details of the data processing arise from the respective contract and, if applicable, from the relating engagement terms (Art. 6 (1) sentence. 1 lit. b GDPR), (b), the fulfilment of statutory requirements (Art. 6 (1) sentence l lit. c GDPR), to which we are bound as lawyers and tax advisors (e.g. Professional Laws governing Lawyers and Tax Advisors, Anti Money Laundering Laws), or (c) our prevailing legitimate interests in processing the data for purposes of our general business operations and in order to render our services to our clients (Art. 6 (1) lit. f GDPR).
We will store personal data for as long as such data is necessary to execute the respective consulting relationship and, where necessary, for a longer period in fulfilment of statutory or professional storage obligations.
2.5 For the processing of applications
In order to check your applications for a position with our firm, to conduct job interviews, carry out any further necessary and permissible research, for our internal decisions on your application and to notify you of an acceptance or rejection, we shall process the information transmitted by you as well as information provided via public sources such as the internet or by previous employers.
Legal basis for the processing is Art. 88 GDPR in conjunction with Sec. 26 para. 1 German Federal Data Protection Act (BDSG) (the data processing for the decision on the establishment of an employment relationship) respectively your consent to the further storage of your data in a job applicant database for possible later consideration or for its inclusion in an alumni database (Art. 6 (1) lit. a GDPR).
We will store your data as long as this is required for the aforesaid purposes and will delete the data of rejected applications within six months of notification of our decision. If your application is accepted, your data will be entered into your personnel file. In the event of a rejection, you can voluntarily consent to a lengthier storage of your data, e.g. in case we have vacancies again available at a later date; we will separately address this issue with you.
3.1 Transfer of data to data processors
We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract, for our account, according to our directions and subject to our control.
Our data processors are, in particular
- technical service providers whose services we retain for the provision of the website, e.g. service providers for software maintenance, data-processing operations and hosting;
- technical service providers, whose services we retain for the provision of functionalities, e.g. technically required Cookies;
- service providers for the practical execution of advertising and marketing measures, e.g. service providers for email distribution, online surveys and analysis Cookies.
In such cases we remain responsible for the data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case. No separate legal basis is required. The processing will be done in the European Union.
3.2 Data transfer to third parties
Within the scope of our legal and tax advice, we sometimes also transmit data concerning the consultancy relationship to third parties, e.g. courts, authorities, third parties named by the clients or to the opponent. Such third parties render their activities as controllers; the processing of your data by such third parties is exclusively subject to their data protection notices. Personal data is only transmitted to non-EU states outside of the European Economic Area to the extent this is necessary to fulfil the engagement, on grounds of a consent, or to fulfil statutory requirements (e.g. to conduct professionally required conflict of interests checks).
4.1 What are Cookies?
We use so-called “Cookies” to fashion our website in a most user-friendly way. Cookies are small files stored on the user’s device. They allow the storage of information for a determinate period of time and the identification of the user’s device. For this purpose, also tracking-pixel might be used that are not stored on the user’s hard drive, but that may in the same way help to recognize a user’s device. When using the term “Cookie”, this refers to Cookies in the technical sense as well as tracking pixel and other technologies.
4.2 What Cookies do we use on what legal basis and for how long?
On this website we use two types of Cookies: (1) Cookies required for technical purposes, without which the functionality of our website would be reduced, and (2) optional Cookies for analytics:
4.2.1 Cookies required for technical purposes
The legal basis for this processing is our legitimate interest in improving our website (Art. 6 (1) lit f GDPR).
These Cookies are specifically set for individual sessions and expire when you leave the website and end the session.
4.2.2 Cookies for analytics
Analytics Cookies gather general information on how users use a website, e.g. which pages they visit most frequently and whether they receive any error messages from websites. These Cookies do not collect any data that may lead to an identification of the user. The data collected with these Cookies will not be merged with any other information on the visitors of our website. All information collected with the aid of such Cookies exclusively serves the purpose to comprehend and improve the functionality and services of the website.
This website uses the open-source web analysis service Matomo (formerly PIWIK) in order to analyse how users browse our website. This service places a Cookie on the user’s device. When surfing to websites, the following data will be collected:
(1) two Bytes of the IP-address of the device the user uses to connect
(2) the visited website
(3) the website the user visited before (referrer)
(4) the subpages browsed from this website
(5) the duration of surfing this website
(6) the frequency of visiting this website
We operate this service solely on our servers and the user data is only stored there. Data are not transferred to third parties.
We have selected settings to ensure that no full IP-addresses are stored, but 2 bytes of the IP-address will be masked (e.g.: 192.168.xxx.xxx). This ensures that we cannot re-connect the masked IP-address with your device.
The processing of the data about our users enables to analyze the usage of our online offer by users. We are able to compile reports on the activities regarding the use of the components of our online offer. This helps us to improve the website and its use. These purposes are also representing our legitimate interest to process that data in accordance with Art. 6 (1) lit. f GDPR (the legal basis for the processing). By anonymizing IP-addresses we take into account the justified interest of data subjects regarding the protection of their personal data.
The data will be deleted if no longer required for these purposes.
4.2.3 Deactivation of Cookies for analysis
A deactivation of Cookies for analysis purposes does not reduce the functionality of our website. The Cookies of this type presently used by us are offered by the following providers, to whom you may refer for information on /description of the respective Cookies or if you wish to object to their use: :
Privacy information of the provider
Possibility to object (opt-out option)
If you would rather receive information about these Cookies directly from us, please contact us via email under the contact details mentioned in Section 8.
4.3 How can I deactivate Cookies?
If you wish to generally deactivate analytics, targeting and advertising Cookies, you may deactivate individual Cookies by clicking on one of the links in the above table (opt out). Finally, you may prevent the use of any Cookies whatsoever by adjusting the settings in your browser accordingly. We wish to point out, however, that in such case the functionality of our website will be reduced, if Cookies required for technical purposes are also blocked.
For further information on Cookies and individual providers, you may e.g. refer to www.youronlinechoices.com, where you may also object to usage-based online advertising via certain or any tools. Click here to be forwarded directly to the preferences manager.
We use links to other internet presences of us on websites and services of third parties, e.g. to social media channels such as Facebook, Twitter or YouTube. These third parties are exclusively responsible for the data processing by such other service providers on their websites and their data protection notices apply.
We and our service providers take technical and organisational security measures to protect your personal data managed by us against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our data processing and our security measures are improved on a constant basis according to the technical developments.
During the transfer of your personal data to us it is encrypted with Secure Socket Layer (SSL). Personal data which is exchanged between you and us or other participating enterprises is fundamentally transmitted via encrypted connections which meet the latest technical standards.
Our employees and our retained service providers are naturally obliged to maintain confidentiality.
Every natural person whose personal data we process has, in principle (i.e. depending on the respective preconditions), the following rights vis-à-vis us:
- Should you have questions regarding our processing of your personal data, we would be pleased to provide you at any time and at no charge with information on the data stored about you (Art. 15 GDPR).
- You have a right to the correction of incorrect data as well as completion of incomplete data (Art. 16 GDPR).
- You have a right to the blocking/limitation of the processing or to deletion of personal data concerning you which is no longer required or stored on grounds of legal obligations (Art. 17, 18 GDPR).
- You have a right to the transfer of the data in a structured, standard and machine-readable format, insofar as you have provided us with the data on grounds of a consent or contract between us and you (Art. 20 GDPR).
- You have the right to object at any time to the processing of your data for direct marketing purposes (cf. also clause 2.2; Art. 21 para. 2 and 3 GDPR).
- You have the right to object to a processing on the basis of legitimate interest, in which case we are entitled to demonstrate our compelling reasons (Art. 21 para. 1 GDPR). We have pointed out above (clause 2) in which cases this right applies.
- Insofar as you have consented to a data processing, you can revoke this consent at any time with effect for the future, i.e. the legality of the data processing remains unaffected until the date of the revocation. After a revocation of consent, you may no longer be able to use our services.
Please address your concerns in writing (reference: data protection) or by email to the contact details given in point 8 below. We reserve the right to check your identity to ensure that your personal data is not disclosed to unauthorised persons.
Furthermore, you are entitled to file a complaint with a supervisory authority for data protection.
We have appointed a data protection officer. Please contact him as follows
Oppenhoff & Partner Rechtsanwälte Steuerberater mbB
Data Protection Officer
From time to time, the content of this data protection notice may have to be modified. We therefore reserve the right to amend them at any time. We will also publish the amended version of the data protection notice at this place. When you revisit us, you should therefore reread the data protection notice.
Version 25 May 2018