PRIVACY POLICY
August 2024
In this Privacy Policy, we inform you about the nature, scope and purpose of the generation and use of your personal data we obtain
- when you visit and use our website www.duennwald-legal.com (II.)
- when you contact us (III.)
- when you enter into a retainer agreement with us (IV.) and
- in court or other proceedings (V.).
If you are redirected to other websites via links set by us, please refer to such websites for information about the scope of the collection, processing, use and/or transmission of your personal data on those websites, as we have no influence on them.
I. GENERAL INFORMATION
1. Controller
The operator and person responsible for controlling the generation, processing and use of your personal data for the purposes of the General Data Protection Regulation („GDPR“) and the German Federal Data Protection Act („BDSG“) is:
Prof. Dr. Dirk Dünnwald
Emkendorfstraße 34c
22605 Hamburg
T: +49 40 8550 8930
Email: mail@duennwald-legal.com
2. What are personal data?
According to Article 4(1) GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including, but not limited to, your first name and surname, gender, postal address, phone number, mobile number, user, password and IP addresses.
II. VISITING OUR WEBISTE
You can visit our website www.duennwald-legal.com without disclosing any data relating to your identity; we merely collect so-called access data and temporarily store it in a log file.
The following data is collected and saved until it is automatically deleted without requiring any further action on your part:
- name of the requesting Internet access provider
- operating system of your computer and the browsers you use
- website from which you are visiting us (referrer URL)
- name and URL of the file accessed
- date and time of access
- information on whether access was successful
- IP address of the accessing computer
We use Google Fonts (fonts) of the company Google Inc. on our website (responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). However, the Google fonts are provided locally on our web server, not on Google’s servers, so there is no connection to Google’s servers and no transfer or storage of data takes place.
1. Processing Purposes
The data listed above is processed for the following purposes:
- to ensure a smooth connection to the website
- for the convenient use of our website
- to evaluate system security and stability
- to enable technical administration
- to enable the network infrastructure
- to be able to produce statistical data
- for other administrative purposes
The IP address is used only when the network infrastructure is attacked and for statistical purposes, without drawing conclusions as to your identity.
2. Storage term
The log file data mentioned above is deleted automatically after 30 days.
3. Legal basis
The legal basis for data processing is Article 6(1)(1)(f) GDPR. Our legitimate interest follows from our interest in security and the need to provide trouble-free access to our website.
4. Recipient
Our website is hosted by our external IT provider with whom we have concluded a processor contract. No data is transmitted to any third country outside Europe.
5. Right to object and to request erasure
Should you wish the personal data we collected in your regard to be deleted, you can send us a corresponding request by simple email, no special form required, addressed to mail@duennwald-legal.com.
III. CONTACT
You can contact us by email or by phone. Likewise, our work may require us to contact you as the opposing party in the proceedings (see section V.).
If you send us an email, the personal data you send by email will be stored.
If you contact us by telephone, our telephone system will store your phone number so that we can call you back if necessary. In the event that your phone call is taken, we will record your phone number, your name and your request for processing.
Where client-related information concerned, it is added to a file.
The following data is generally saved when you contact us by email or make enquiries by telephone.
- salutation, first name and surname
- company, if applicable
- address
- email address
- phone number
- fax number, if applicable
- content
1. Processing purposes
The purpose of the processing of your personal data is to process the contact made.
Other personal data processed during sending is processed for the purpose of ensuring the security of our information technology systems.
2. Storage period
Your data will be deleted as soon as the reason for communication has ceased to exist, i.e. when it can be inferred from the circumstances that the matter in question has been finally settled or the underlying contractual relationship has been ended and the legal retention period has expired. Retention periods are 5 years for personal data that is subject to § 147 of the German Tax Code (“Abgabenordnung”) and 10 years for data this is subject to § 257 of the German Commercial Code (“HGB”). The storage periods begin at the end of the calendar year in which the data is collected.
If your data is entered into a file, we are obliged to retain it for six years under § 50(1)(2) of the German Federal Regulations for Attorneys (“BRAO”) (also see clause IV.). The period begins at the end of the calendar year in which the retainer agreement with the client is terminated. We will ensure that the data is protected against unauthorised access until then.
3. Legal basis
The legal basis for processing data transmitted when making and maintaining contact is Article 6(1)(1)(f) GDPR. Our legitimate interest is our ability to process your enquiry. Where you make contact for the purpose of instructing us to act on your behalf or to enter into any other contract with us, processing is based on Article 6(1)(1)(b) GDPR.
4. Right to object and to request erasure
Should you wish us to delete the personal data we collected concerning you, you can do so by sending us a corresponding request by simple email, no special form required, addressed to mail@duennwald-legal.com. All personal data stored during the process of making and maintaining contact will be deleted, unless we are required by law to store them for a longer period, and provided we do not require your data for implementing a contract.
IV. DATA PROCESSING UNDER A RETAINER AGREEMENT
Where you instruct us to represent your legal interests and act on your behalf, we will collect personal data from you or through own research and process it under such a retainer agreement.
In the event of a retainer agreement, we generally collect the following of your personal data:
- salutation, first name and surname
- email address
- address
- signature
- phone number (landline and/or mobile)
- information needed to assert and defend your rights under the retainer agreement
- email address
- bank details, where required
- other personal data, where required
1. Processing purposes
The data is collected for the following processing purposes:
- (internal) identification as our client
- provisions of adequate legal advice and representation
- correspondence with you
- invoicing
- to settle liability claims and/or other claims, if any, that may be asserted against you.
2. Storage period
The personal data we collect under a retainer agreement concluded with you will be stored in conformity with our legal storage obligation for a period of 6 years, after which they are deleted within a reasonable period of time, save where we are obliged under tax and/or commercial law (e.g. under the German income tax act (“EStG”), the German social code (“SGB”), German commercial code (“HGB”), German criminal code (“StGB”) or the German tax code (“AO”) to keep and document them for a longer period according to Article 6 (1)(1)(c) GDPR or where you consented to a longer storage period according to Article 6(1)(1)(c) and/or Article 9(2)(1)(a) GDPR.
3. Legal basis
Data processing takes place upon your enquiry and is necessary according to Article 6(1)(1)(b) GDPR for the purposes set out above to adequately perform the retainer agreement and for both parties to fulfil the obligations arising from the retainer agreement. We are further obliged under Article 6(1)(1)(c) GDPR to process your data to duly and properly perform our services under the retainer agreement.
4. Recipient
Due to our duty of professional secrecy we are generally not permitted to pass your data on to any third party. Your data will therefore not be passed on without your express consent, Article 6(1)(1)(f) GDPR and/or Article 9(2)(a) GDPR, save where necessary to process the retainer agreement concluded with you (Article 6(1)(1)(b) GDPR) or to fulfil a legal obligation (Article 6(1)(1)(c) GDPR) or to assert our rights, e.g. claims arising under the agreement we concluded with you.
For example, to process the retainer agreement concluded with you it may be necessary to pass on part of your personal data to opponents in the proceedings or to their legal counsel (in particular their lawyers) and to courts and other authorities for purposes of correspondence, and to assert and defend your rights. Such third parties to whom personal data has been passed on may only use the data for the purposes specified above. External service providers will receive personal data solely, and without exception, for the purpose of managing your file and servicing our IT infrastructure and only if such third parties have undertaken under processor contracts to take special precautions to protect your data and can guarantee compliance with such precautions.
Within our law firm, only those members of our staff will gain access to your data who need to have knowledge of them in order to perform their duties within the framework of the retainer agreement.
5. Right to object and to request erasure
You have the right to object to the processing of your personal data. To do so, simply write us an email addressed to: mail@duennwald-legal.com. Your personal data will then be deleted unless a statutory obligation to keep them for longer applies and unless we still need the data to process the retainer agreement.
V. DATA PROCESSING BY PARTIES INVOLVED IN THE PROCEEDINGS
The situation may arise in the context of our work as lawyers that we process your personal data due to your role as a party to proceedings or litigation. In this case, we generally receive your data from our clients for the purpose of duly and properly representing their interests, or from public bodies, such as courts, within the framework of the management of our clients‘ cases.
Such data may include, but is not limited to:
- salutation, first name and surname
- email address
- address
- signature
- information we obtain in the course of the proceedings or procedure
1. Processing purposes
Your personal data is processed for the purpose of providing legal advice, representing legal interests and duly and properly conducting proceedings, all in our functions as lawyers.
2. Storage period
Personal data collected within the framework of a lawyer’s retainer agreement will be stored in accordance with our professional legal storage obligation for a period of 6 years following the end of the retainer agreement, after which it is deleted within a reasonable period of time, unless we are obliged under Article 6(1)(1)(c) GDPR and under tax and/or commercial law (e.g. EStG, SGB, HGB, StGB or AO) retention and recording obligations to store it for a longer period of time.
3. Legal basis
The legal basis for such data processing is Article 6(1)(1)(b) GDPR and Article 6(1)(1)(c) GDPR; we are obliged to process your data in order to duly and properly manage your case, where applicable.
4. Recipient
Due to our professional duty of secrecy, we generally are not permitted to pass on to any third party any data that we have gained knowledge as part of a client’s case. In order to assert and defend the rights of our clients, it may be necessary to transmit some of your personal data to your representative(s) (in particular your lawyer(s)) as well as to courts and other public authorities for the purpose of correspondence and to assert and defend the rights of our clients. Third parties may use such transmitted data solely for the purposes specified above.
External service providers are granted access to personal data solely, and without exception, for the purposes of file management and to service our IT infrastructure and only if such service provider(s) have agreed to take special precautions to protect your data under processor contracts and guarantee compliance with such precautions.
Within our law firm, only those members of our staff will gain access to your data who need to have knowledge of them in order to perform their duties within the framework of the retainer agreement.
5. Right to object and to request erasure
You have the right to object to the processing of your personal data. To do so, simply write us an email addressed to: mail@duennwald-legal.com. Your personal data will then be deleted unless a statutory obligation to keep them for longer applies.
VI. PASSING ON PERSONAL DATA TO THIRD PARTIES
We generally only pass on your personal data to third parties if
- you have given your express consent under Article 6(1)(1)(a) GDPR;
- if processing is necessary to perform a contract concluded with you, Article 6(1)(1)(b) GDPR,
- in case processing is necessary for compliance with a legal obligation, Article 6(1)(1)(c) GDPR.
The third party may use the transmitted data solely for the purposes specified above. Transmission of personal data to a third country (outside the EU) or an international organisation is prohibited.
Furthermore, external service providers are only, and without exception, granted access to personal data if they have committed themselves by contract to fulfil their special obligations as processors and guarantee that they have taken special precautions to protect your data.
VII. DATA SECURITY
We take all necessary technical and organisational security measures to protect personal data against loss and misuse. For example, data is stored in a secure operating environment that is not accessible to the public. Our security measures are continuously updated in line with technological developments.
We encrypt all e-mails using an SSL/TSL certificate. If the recipient(s) do/does not use the protocol to communicate with their server (data centre) the route is not encrypted.
By sending us emails you confirm that you are aware of the risks.
VIII. YOUR RIGHTS
You have the right
- under Article 15 GDPR to obtain access to and information on the personal data concerning you that we have processed. In particular, you have the right to obtain information on the purposes of processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure, or restriction of processing, or the right to object to such processing, the right to lodge a complaint, available information as to the source of the personal data where we have not collected them, and on the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved;
- under Article 16 GDPR to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you;
- under Article 17 GDPR to obtain the erasure of your personal data stored by us, unless processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- under Article 18 GDPR to obtain restriction of processing of your personal data where you contest the accuracy of the data, where processing is unlawful but you oppose the erasure and we no longer need the data but you need them for the establishment, exercise or defence of legal claims or if you objected to processing according to Article 21 GDPR;
- under Article 20 GDPR to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format or the right to request transmission of such data to another controller;
- under Article 7(3) GDPR to withdraw at any time the consent you previously granted. As a result of such withdrawal we shall no longer be permitted to continue the data processing conducted on the basis of such consent; and
- under Article 77 GDPR to lodge a complaint with a supervisory authority. Generally, you can turn to the supervisory authority responsible for your habitual residence or your place of work, or for our offices.
For any of the above purposes, please send us an email to: mail@duennwald-legal.com or a letter addressed to: DÜNNWALD LEGAL, Emkendorfstraße 34c, 22605 Hamburg.
IX. RIGHT TO OBJECT
Where your personal data are processed on the basis of our legitimate interests under Article 6(1)(1)(f) GDPR, you have the right under Article 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation.
If you wish to exercise your right to object, a simple email to mail@duennwald-legal.com suffices.
X. UPDATES AND AMENDMENTS OF THE PRIVACY POLICY
The present Privacy Policy is valid and effective and was last updated in January 2023. Amendments of the Privacy Policy may become necessary due to further developments of our website or due to changed legal or official rules and/or regulations.
For more information on data processing, please contact: mail@duennwald-legal.com.