DÜNNWALD LEGAL

PRIVACY POLICY

January 2023

In this Privacy Policy, we inform you about the nature, scope and purpose of the generation and use of your personal data we obtain

when you visit and use our website www.duennwald-legal.com (II.)
when you contact us (III.)
when you enter into a retainer agreement with us (IV.) and
in court or other proceedings (V.).

If you are redirected to other websites via links set by us, please refer to such websites for information about the scope of the collection, processing, use and/or transmission of your personal data on those websites, as we have no influence on them.

I. GENERAL INFORMATION

1. Controller

The operator and person responsible for controlling the generation, processing and use of your personal data for the purposes of the General Data Protection Regulation („GDPR“) and the German Federal Data Protection Act („BDSG“) is:

Prof. Dr. Dirk Dünnwald
Tesdorpfstraße 11
20148 Hamburg
T: +49 40 411 25 22 – 0
Email: mail@duennwald-legal.com

2. What are personal data?

According to Article 4(1) GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including, but not limited to, your first name and surname, gender, postal address, phone number, mobile number, user, password and IP addresses.

II. VISITING OUR WEBISTE

You can visit our website www.duennwald-legal.com without disclosing any data relating to your identity; we merely collect so-called access data and temporarily store it in a log file.

The following data is collected and saved until it is automatically deleted without requiring any further action on your part:

name of the requesting Internet access provider
operating system of your computer and the browsers you use
website from which you are visiting us (referrer URL)
name and URL of the file accessed
date and time of access
information on whether access was successful
IP address of the accessing computer

We use Google Fonts (fonts) of the company Google Inc. on our website (responsible for the European area: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). However, the Google fonts are provided locally on our web server, not on Google’s servers, so there is no connection to Google’s servers and no transfer or storage of data takes place.

1. Processing Purposes

The data listed above is processed for the following purposes:

to ensure a smooth connection to the website
for the convenient use of our website
to evaluate system security and stability
to enable technical administration
to enable the network infrastructure
to be able to produce statistical data
for other administrative purposes

The IP address is used only when the network infrastructure is attacked and for statistical purposes, without drawing conclusions as to your identity.

2. Storage term

The log file data mentioned above is deleted automatically after 30 days.

3. Legal basis

The legal basis for data processing is Article 6(1)(1)(f) GDPR. Our legitimate interest follows from our interest in security and the need to provide trouble-free access to our website.

4. Recipient

Our website is hosted by our external IT provider with whom we have concluded a processor contract. No data is transmitted to any third country outside Europe.

5. Right to object and to request erasure

Should you wish the personal data we collected in your regard to be deleted, you can send us a corresponding request by simple email, no special form required, addressed to mail@duennwald-legal.com.

III. CONTACT

You can contact us by email or by phone. Likewise, our work may require us to contact you as the opposing party in the proceedings (see section V.).

If you send us an email, the personal data you send by email will be stored.

If you contact us by telephone, our telephone system will store your phone number so that we can call you back if necessary. In the event that your phone call is taken, we will record your phone number, your name and your request for processing.

Where client-related information concerned, it is added to a file.

The following data is generally saved when you contact us by email or make enquiries by telephone.

salutation, first name and surname
company, if applicable
address
email address
phone number
fax number, if applicable
content

1. Processing purposes

The purpose of the processing of your personal data is to process the contact made.

Other personal data processed during sending is processed for the purpose of ensuring the security of our information technology systems.

2. Storage period

Your data will be deleted as soon as the reason for communication has ceased to exist, i.e. when it can be inferred from the circumstances that the matter in question has been finally settled or the underlying contractual relationship has been ended and the legal retention period has expired. Retention periods are 5 years for personal data that is subject to § 147 of the German Tax Code (“Abgabenordnung”) and 10 years for data this is subject to § 257 of the German Commercial Code (“HGB”). The storage periods begin at the end of the calendar year in which the data is collected.

If your data is entered into a file, we are obliged to retain it for six years under § 50(1)(2) of the German Federal Regulations for Attorneys (“BRAO”) (also see clause IV.). The period begins at the end of the calendar year in which the retainer agreement with the client is terminated. We will ensure that the data is protected against unauthorised access until then.

3. Legal basis

The legal basis for processing data transmitted when making and maintaining contact is Article 6(1)(1)(f) GDPR. Our legitimate interest is our ability to process your enquiry. Where you make contact for the purpose of instructing us to act on your behalf or to enter into any other contract with us, processing is based on Article 6(1)(1)(b) GDPR.

4. Right to object and to request erasure

Should you wish us to delete the personal data we collected concerning you, you can do so by sending us a corresponding request by simple email, no special form required, addressed to mail@duennwald-legal.com. All personal data stored during the process of making and maintaining contact will be deleted, unless we are required by law to store them for a longer period, and provided we do not require your data for implementing a contract.

IV. DATA PROCESSING UNDER A RETAINER AGREEMENT

Where you instruct us to represent your legal interests and act on your behalf, we will collect personal data from you or through own research and process it under such a retainer agreement.

In the event of a retainer agreement, we generally collect the following of your personal data:

salutation, first name and surname
email address
address
signature
phone number (landline and/or mobile)
information needed to assert and defend your rights under the retainer agreement
email address
bank details, where required
other personal data, where required

1. Processing purposes

The data is collected for the following processing purposes:

(internal) identification as our client
provisions of adequate legal advice and representation
correspondence with you
invoicing
to settle liability claims and/or other claims, if any, that may be asserted against you.

2. Storage period

The personal data we collect under a retainer agreement concluded with you will be stored in conformity with our legal storage obligation for a period of 6 years, after which they are deleted within a reasonable period of time, save where we are obliged under tax and/or commercial law (e.g. under the German income tax act (“EStG”), the German social code (“SGB”), German commercial code (“HGB”), German criminal code (“StGB”) or the German tax code (“AO”) to keep and document them for a longer period according to Article 6 (1)(1)(c) GDPR or where you consented to a longer storage period according to Article 6(1)(1)(c) and/or Article 9(2)(1)(a) GDPR.

3. Legal basis

Data processing takes place upon your enquiry and is necessary according to Article 6(1)(1)(b) GDPR for the purposes set out above to adequately perform the retainer agreement and for both parties to fulfil the obligations arising from the retainer agreement. We are further obliged under Article 6(1)(1)(c) GDPR to process your data to duly and properly perform our services under the retainer agreement.

4. Recipient

Due to our duty of professional secrecy we are generally not permitted to pass your data on to any third party. Your data will therefore not be passed on without your express consent, Article 6(1)(1)(f) GDPR and/or Article 9(2)(a) GDPR, save where necessary to process the retainer agreement concluded with you (Article 6(1)(1)(b) GDPR) or to fulfil a legal obligation (Article 6(1)(1)(c) GDPR) or to assert our rights, e.g. claims arising under the agreement we concluded with you.

For example, to process the retainer agreement concluded with you it may be necessary to pass on part of your personal data to opponents in the proceedings or to their legal counsel (in particular their lawyers) and to courts and other authorities for purposes of correspondence, and to assert and defend your rights. Such third parties to whom personal data has been passed on may only use the data for the purposes specified above. External service providers will receive personal data solely, and without exception, for the purpose of managing your file and servicing our IT infrastructure and only if such third parties have undertaken under processor contracts to take special precautions to protect your data and can guarantee compliance with such precautions.

Within our law firm, only those members of our staff will gain access to your data who need to have knowledge of them in order to perform their duties within the framework of the retainer agreement.

5. Right to object and to request erasure

You have the right to object to the processing of your personal data. To do so, simply write us an email addressed to: mail@duennwald-legal.com. Your personal data will then be deleted unless a statutory obligation to keep them for longer applies and unless we still need the data to process the retainer agreement.

V. DATA PROCESSING BY PARTIES INVOLVED IN THE PROCEEDINGS

The situation may arise in the context of our work as lawyers that we process your personal data due to your role as a party to proceedings or litigation. In this case, we generally receive your data from our clients for the purpose of duly and properly representing their interests, or from public bodies, such as courts, within the framework of the management of our clients‘ cases.

Such data may include, but is not limited to:

salutation, first name and surname
email address
address
signature
information we obtain in the course of the proceedings or procedure

1. Processing purposes

Your personal data is processed for the purpose of providing legal advice, representing legal interests and duly and properly conducting proceedings, all in our functions as lawyers.

2. Storage period

Personal data collected within the framework of a lawyer’s retainer agreement will be stored in accordance with our professional legal storage obligation for a period of 6 years following the end of the retainer agreement, after which it is deleted within a reasonable period of time, unless we are obliged under Article 6(1)(1)(c) GDPR and under tax and/or commercial law (e.g. EStG, SGB, HGB, StGB or AO) retention and recording obligations to store it for a longer period of time.

3. Legal basis

The legal basis for such data processing is Article 6(1)(1)(b) GDPR and Article 6(1)(1)(c) GDPR; we are obliged to process your data in order to duly and properly manage your case, where applicable.

4. Recipient

Due to our professional duty of secrecy, we generally are not permitted to pass on to any third party any data that we have gained knowledge as part of a client’s case. In order to assert and defend the rights of our clients, it may be necessary to transmit some of your personal data to your representative(s) (in particular your lawyer(s)) as well as to courts and other public authorities for the purpose of correspondence and to assert and defend the rights of our clients. Third parties may use such transmitted data solely for the purposes specified above.

External service providers are granted access to personal data solely, and without exception, for the purposes of file management and to service our IT infrastructure and only if such service provider(s) have agreed to take special precautions to protect your data under processor contracts and guarantee compliance with such precautions.

Within our law firm, only those members of our staff will gain access to your data who need to have knowledge of them in order to perform their duties within the framework of the retainer agreement.

5. Right to object and to request erasure

VI. PASSING ON PERSONAL DATA TO THIRD PARTIES

We generally only pass on your personal data to third parties if

you have given your express consent under Article 6(1)(1)(a) GDPR;
if processing is necessary to perform a contract concluded with you, Article 6(1)(1)(b) GDPR,
in case processing is necessary for compliance with a legal obligation, Article 6(1)(1)(c) GDPR.

The third party may use the transmitted data solely for the purposes specified above. Transmission of personal data to a third country (outside the EU) or an international organisation is prohibited.

Furthermore, external service providers are only, and without exception, granted access to personal data if they have committed themselves by contract to fulfil their special obligations as processors and guarantee that they have taken special precautions to protect your data.

VII. DATA SECURITY

We take all necessary technical and organisational security measures to protect personal data against loss and misuse. For example, data is stored in a secure operating environment that is not accessible to the public. Our security measures are continuously updated in line with technological developments.

We encrypt all e-mails using an SSL/TSL certificate. If the recipient(s) do/does not use the protocol to communicate with their server (data centre) the route is not encrypted.

By sending us emails you confirm that you are aware of the risks.

VIII. YOUR RIGHTS

You have the right

under Article 15 GDPR to obtain access to and information on the personal data concerning you that we have processed. In particular, you have the right to obtain information on the purposes of processing, the categories of personal data concerned, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure, or restriction of processing, or the right to object to such processing, the right to lodge a complaint, available information as to the source of the personal data where we have not collected them, and on the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved;
under Article 16 GDPR to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you;
under Article 17 GDPR to obtain the erasure of your personal data stored by us, unless processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
under Article 18 GDPR to obtain restriction of processing of your personal data where you contest the accuracy of the data, where processing is unlawful but you oppose the erasure and we no longer need the data but you need them for the establishment, exercise or defence of legal claims or if you objected to processing according to Article 21 GDPR;
under Article 20 GDPR to receive the personal data concerning you, which you provided to us, in a structured, commonly used and machine-readable format or the right to request transmission of such data to another controller;
under Article 7(3) GDPR to withdraw at any time the consent you previously granted. As a result of such withdrawal we shall no longer be permitted to continue the data processing conducted on the basis of such consent; and
under Article 77 GDPR to lodge a complaint with a supervisory authority. Generally, you can turn to the supervisory authority responsible for your habitual residence or your place of work, or for our offices.

For any of the above purposes, please send us an email to: mail@duennwald-legal.com or a letter addressed to: DÜNNWALD LEGAL, Tesdorpfstraße 11, 20148 Hamburg.

IX. RIGHT TO OBJECT

Where your personal data are processed on the basis of our legitimate interests under Article 6(1)(1)(f) GDPR, you have the right under Article 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation.

If you wish to exercise your right to object, a simple email to mail@duennwald-legal.com suffices.

X. UPDATES AND AMENDMENTS OF THE PRIVACY POLICY

The present Privacy Policy is valid and effective and was last updated in January 2023. Amendments of the Privacy Policy may become necessary due to further developments of our website or due to changed legal or official rules and/or regulations.

For more information on data processing, please contact: mail@duennwald-legal.com.

Home