Privacy policy

Thank you for visiting our privacy policy. We, RellermeyerPartner Rechtsanwälte PartG mbB, are the responsible body for your personal data as far as the following processing operations are concerned. In the following we would like to inform you in particular about

• how we treat your personal data (Section B),
• the processing operations involved (from section C), and
• which rights you are entitled to as a data subject in principle (Section G).

Please note that some of the terms used here originate from Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the so-called “General Data Protection Regulation”, hereinafter referred to as “GDPR”). Most terms are defined in Art. 4 GDPR. If you are unable to understand our explanations, please contact us using the contact details given in Section I. We will be happy to help you at any time.

Table of contents

A. Our contact details

B. Principles of our data processing operations

I. Earmarking
II. Legal bases
III. Deletion of data
IV. Disclosure of personal data to third parties
V. Processing of data in so-called third countries

C. Data processing when accessing our website

I. Log file
II. Cookies
III. Google Maps
IV. Data security

D. Data processing for mandate relationships

I. Purpose, legal basis and storage period
II. Disclosure of data to third parties

E. Data processing when contacting us

I. Purpose and legal basis
III. Right to object
II. Duration of storage and periods for erasure

F. Data processing for applications

I. Purpose and legal basis
II. Duration of storage and periods for cancellation

G. Your rights as data subject

I. Right to object in the case of processing for legitimate reasons (Art. 6 para. 1 sentence 1 lit. f, 21 para. 1 GDPR)
II. Right to withdraw the given consent (Art. 7 para. 3 GDPR)
III Right of access (Art. 15 GDPR)
IV. Right to rectification (Art. 16 GDPR)
V. Right to erasure (Art. 17 GDPR)
VI Right to restriction of processing (Art. 18 GDPR)
VII Right to data portability (Art. 20 GDPR)
VIII Right to lodge a complaint (Art. 77 GDPR)

A. Our contact details

RellermeyerPartner Rechtsanwälte PartG mbB
Niederkasseler Lohweg 18
40547 Düsseldorf, Germany

Phone: +49 211 72507-0
Fax: +49 211 72507-77

The data protection officer can furthermore be contacted at datenschutz@rellermeyer.de.

B. Principles of our data processing operations

In this section you will find basic information about our handling of your personal data. The information presented here applies to all data processing operations carried out by us as the Data Controller.

Insofar as we are able to provide further details within individually listed data processing procedures starting with Section C, we shall specify our explanations at the appropriate sections. Please note that you may have rights as a data subject (Section G).

I. Earmarking

We process your personal data only as far as we follow legitimate purposes. As a rule, data processing only takes place for the purpose of providing our services, including our online services (e.g. the provision of our website).

II. Legal bases

We process your personal data only to the extent that at least one of the following legal bases is applicable:

1. Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)

In individual cases we ask you for your consent to process certain personal data for previously defined and communicated purposes in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

In general, we obtain your consent electronically and record the content and the granting of consent. In this case, consent is given by means of an “opt-in” procedure (confirming action by ticking the appropriate box) or, if necessary to identify the data subject, by means of a “double opt-in” procedure (additional confirmation of identity by receiving an e-mail with a confirmation link that you must click on). Only when placing cookies (cf. Section C Number II) do we use a different collection procedure.

If you have given your consent, you are entitled to revoke it. Please note the more detailed information on your right of revocation under Section G Number II.

2. Performance of a contract (Art. 6 para. 1 sentence 1 lit. b GDPR)

When taking steps at your request prior to entering into a contract or when necessary for the performance of a contract, we rely on the legal basis of Art. 6 Para. 1 S. 1 lit. b GDPR. This applies, for example, to your contact data, which we need to process the contract and to communicate with you.

3. Compliance with a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR)

If we process data to comply with a legal obligation (e.g. commercial or tax obligations), Art. 6 Para. 1 S. 1 lit. c GDPR is the legal basis.

4. Protection of vital interests (Art. 6 para. 1 sentence 1 lit. d GDPR)

If vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR is the legal basis.

5. Performance of tasks carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e GDPR)

For the processing of personal data when performing tasks carried out in the public interest or in the exercise of official authority, we refer to the legal basis of Art. 6 Para. 1 S. 1 lit. e GDPR.

6. Pursuing legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, we process personal data if we pursue our legitimate interests or those of a third party and if these interests outweigh your interests, fundamental rights and fundamental freedoms. In these cases you may have the right to object to the processing. Please note the further details on your right to object under section G Number I.

III. Deletion of data

We will delete your personal data as soon as the purpose of the processing has been achieved or otherwise ceases to apply, unless further storage is provided for by law, for example in accordance with Art. 17 para. 3 GDPR. In order to ensure that deletion is carried out on time, we follow our own deletion concept, which is based on the deletion of personal data at the end of certain storage and deletion periods, which we subdivide according to the following criteria:

• We keep accounting receipts and balance sheets for 10 years (§ 257 para. 1, esp. no. 4, para. 4 HGB, § 238 para. 1 HGB (German Commercial Code)),
• We keep commercial letters, contracts and correspondence within the framework of the initiation and performance of contracts for 6 years in accordance with § 257 para. 1 no. 2-3, para. 4 HGB,
• Documents and associated personal data which may lead to claims (e.g. warranty claims) are retained by us until expiry of the corresponding limitation period (in accordance with § 195 BGB in principle three years),
• With other personal data, which do not fall under the aforementioned categories, we delete data immediately after reaching the purpose.

IV. Disclosure of personal data to third parties

We only disclose personal data to third parties if we are legally obliged or entitled to do so. The following categories of recipients fall under these categories:

• Our contractual partners who support us in fulfilling our (pre)contractual obligations towards you (e.g. logistics and payment service providers),
• Administrative authorities (e.g. financial or supervisory authorities), and
• Courts.

If required, we can provide you with a list of the specific recipients of your personal data.

V. Processing of data in so-called third countries

As a rule, the processing of your personal data takes place only in countries within the EU and/or the European Economic Area, which are subject to the scope of the GDPR. In all other so-called “third countries”, we only transfer your personal data if an appropriate level of data protection is in place in the respective third country or at the respective recipient in the third country in accordance with Art. 44 ff. GDPR is guaranteed by:

• the existence of a so-called “adequacy decision” of the European Commission,
• by using so-called “EU standard contractual clauses”, or
• in the case of transmission to the USA by the so-called “EU-US Privacy Shield”. Information on participants in the EU-US Privacy Shield can be found at: www.privacyshield.gov/list.

C. Data processing when accessing our website

In this section, we will inform you how data is processed on our website.

I. Log file

When you visit our website, the browser you use on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called “log file”.

1. Data collected

The following information is automatically collected when you visit our website and stored until it is automatically deleted:

• the anonymous IP address of the requesting computer,
• Information about the device type (mobile device, desktop computer, etc.), browser type and version used, as well as the operating system of your (mobile) device,
• Date and time of access to our website,
• Website from which the user accesses our website (so-called “Referrer-URL”), and
• Websites that the user’s system accesses through our website.

2. Purpose and legal basis

With the collection and processing of “log data” we pursue the following purposes on the basis of the following legal basis:

• Provision of the contents of our website to the user, which also requires the temporary storage of the IP address to enable the user to communicate with our website. The legal basis for this data processing – i.e. for the duration of your website visit – is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as a mandate or relationship is to be established, as well as Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest follows from the fact that we can make the provision of content possible and set it up appropriately in the first place.

• Ensuring a smooth connection and comfortable use of our website, evaluation of system security and stability as well as for other administrative purposes. This is achieved by processing and storing the IP address in the log files beyond the communication process. This is also based on Art. 6 para. 1 sentence 1 lit. f GDPR and our legitimate interest just mentioned.

Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

3. Duration of storage and deletion periods

The data is deleted when the purpose for which it was collected no longer applies. Regarding the provision of the contents of our website, the data is deleted as a matter of principle when you leave our pages and the session is thus terminated.

If the purposes of system security and stability are pursued, log data will be stored for a maximum of eight weeks after the end of the session. Beyond these eight weeks, storage or other processing may only take place in such a way that the IP addresses of the users are deleted or changed (e.g. by anonymization or pseudonymization) after the expiration of the aforementioned storage period of eight weeks. After that, it is no longer possible to assign the log data to an IP address and thus to the user.

4. Right to object

As a matter of principle, you are entitled to a right to object – as we state in Section G, Item I – insofar as we rely on legitimate interests. However, since the data processing described above is absolutely necessary for the operation of our website, you can only assert a right to object if your particular situation gives rise to reasons which do not permit processing to the extent described above. As a rule, however, we can prove the above-mentioned mandatory necessity of data processing.

II. Cookies

We use cookies on our site. We have already informed you about the use of cookies via our cookie banner. The information provided here is intended to provide more comprehensive and supplementary information.

Cookies are small text files that your browser automatically generates and stores on your device (PC, laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not contain viruses, Trojan horses or other malware, but information that uniquely identifies the browser when you return to the same website. Setting cookies does not give us any immediate knowledge of your identity, but depending on the type of cookie placed and the possibility of assigning a cookie to an IP address, it is always possible to establish a personal reference to the user. However, we do not use this opportunity to identify the user. The following types of cookies may be used by us during your visit:

• Session cookies: Session cookies, also known as transient cookies, store a so-called session ID with which various requests from your browser can be assigned to the shared session.
• Persistent cookies: Persistent cookies, also known as tracking cookies, store information regarding the settings and preferences that you specify when you visit our website. Examples of this are language settings. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

We do not process any information from so-called third-party cookies. These are Cookies whose information content is not provided by our web servers, but by third parties.

1. Purpose and legal basis

The use of cookies serves to enable the provision of our website and the complete use of our offer and to make it more convenient for you. This includes the optimization of user-friendliness, since depending on the hardware and software used by the user, other settings are required for optimal display. In addition, for example, information once entered does not have to be re-entered as soon as you access another website or even another page of our website. Functions such as language settings etc. would not be possible without the use of cookies.

The legal basis for the use of our cookies with regard to the provision of our website and the full use of our services is Art. 6 Para. 1 sentence 1 lit. b GDPR, insofar as the use is necessary in the sense of contract performance or for the implementation of pre-contractual measures. Insofar as we use cookies for analysis and statistical recording, we rely on Art. 6 Para. 1 S. 1 lit. f GDPR, as they are also used to pursue our legitimate interests for the purpose of optimally providing our online services.

2. Duration of storage and deletion periods

The session cookies are stored by your browser only for the duration of your browser session and are deleted when you close your browser. Persistent Cookies remain stored for up to eight weeks on the device you are using.

3. Right to object and possibility of removal

You were informed about the use of cookies and referred to this data protection declaration by an information banner when you called up our website. You have also been granted the right to object to the use of pseudonymous data. You can find out more about the right to object under section G number I.

In addition, you as a user can decide for yourself whether and how cookies are used or stored by your browser. You can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. You can delete cookies that have already been created or have them automatically deleted by your browser. However, if you disable cookies completely, you may not be able to use all the features of our website.

III. Google Maps

On our web pages we use the offer of Google Maps.

1. Purpose and legal basis

The use of Google Maps allows us to display interactive maps directly on the website and enables the visitor to comfortably use the map function of Google Maps. This function enhances the overall user-friendliness of our website, for example by making it easier for you to find us. In particular, your IP address is used to be able to use the function.

We base our legitimate interest in being able to offer and use these functions and in being easier to find for the users of our website on Art. 6 Para. 1 S. 1 lit. f GDPR.

2. Recipient of the data

Google Maps is also operated by Google. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. However, setting up the Google Maps function does not mean that we are the Data Controller for collecting this information under data protection law. Google remains the Data Controller.

The information will be transmitted to Google whether or not you have a Google Account that you are logged in to. If you are logged in at Google, your data will be assigned directly to your account. If you do not want this, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. Such evaluation is primarily carried out (also for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.

3. Right to object and possibility of removal

You have a right to object (see section G number I) against this use vis-à-vis Google. You can and must address this to Google. If you would like to know more about the purpose and scope as well as your rights and technical settings for data collection, you can visit Google’s privacy policy at: http://www.google.de/intl/de/policies/privacy. Google’s data processing also takes place in the USA, a third country. Data protection is ensured by EU-US Privacy Shield (see Section B.V).

IV. Data security

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

D. Data processing for mandate relationships

I. Purpose, legal basis and storage period

If you mandate us, we usually collect the following information:

• title, first name, last name
• a valid e-mail address,
• current Address,
• telephone number (landline and/or mobile), and
• other information necessary to enforce and defend your rights under the mandate.

These data are collected,

• to identify you as our client;
• in order to advise and represent you appropriately;
• to correspond with you;
• for invoicing;
• for the settlement of any claims arising from the mandate relationship.

The data processing is carried out at your request and is required according to Art. 6 para. 1 sentence 1 lit. b GDPR for the stated purposes for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the mandate agreement.

The personal data collected by us for the mandate will be stored until the end of the legal retention obligation for lawyers (6 years after the end of the calendar year in which the mandate was terminated) and deleted thereafter, unless we are obliged under Article 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial storage and documentation obligations (from HGB, StGB or AO) to a longer storage or you have consented to a storage going beyond Art. 6 para. 1 sentence 1 lit. a GDPR. In all other respects, our general periods for deletion shall apply (Section B, number III).

II. Disclosure of data to third parties

We only pass on your personal data to third parties insofar as this is necessary in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO for the handling of client relationships with you or insofar as the passing on of such data is provided for by law.

This includes, in particular, the disclosure to opponents of proceedings and their representatives (in particular their lawyers) as well as to courts and other public authorities for the purpose of correspondence and for asserting and defending your rights, but also to payment service providers and tax authorities. The data disclosed may only be used by third parties for the aforementioned purposes. The attorney-client privilege remains unaffected. As far as data is concerned which is subject to the attorney-client privilege, it will only be passed on to third parties in consultation with you.

E. Data processing when contacting us

You are welcome to contact us. In this case, we will process the contact data you have provided us with, such as your e-mail address, telephone number and other data provided by you (voluntarily).

I. Purpose and legal basis

The processing takes place in order to be able to process your request. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR when entering into a mandate relationship and/or another contractual relationship and in other cases Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in being able to contact you to answer your request.

II. Duration of storage and periods for erasure

All aforementioned data will be deleted as soon as we have processed your request and further clarification is no longer necessary. Otherwise, our general periods for deletion shall apply (Section B, number III).

III. Right to object

After you have contacted us, you may withdraw your request at any time and object to any further processing of the data (cf. Section G, Item I) if no mandate or contractual relationship has been established.

F. Data processing for applications

We are looking forward to (unsolicited) applications. It goes without saying that absolute discretion is maintained during the application process. We therefore take particular care in handling your application documents.

I. Purpose and legal basis

The processing of your application documents and the associated personal data is carried out in order to be able to consider you appropriately and expediently when filling our vacant positions. This is done on the legal basis of Art. 6 (1) sentence 1 lit. b GDPR.

II. Duration of storage and periods for cancellation

We delete the personal data that you provide in your application documents, at the latest six months after completion of the application process.

If you would like to continue to be considered when filling future positions, you can give us your consent. Please contact us in this regard.

G. Your rights as data subject

If you are affected by our processing of your personal data, you may be entitled to the following rights:

I. Right to object in the case of processing for legitimate reasons (Art. 6 para. 1 sentence 1 lit. f, 21 para. 1 GDPR)

If personal data is processed to pursue legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR), you may object to the processing of your personal data at any time on grounds relating to your particular situation. If you wish to object, please contact us or our data protection officer at the contact details provided in Section A). You do not incur any further costs for this than the transmission costs according to the basic tariffs of your telecommunications provider. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms of the person concerned, or the processing serves the assertion, exercise or defence of legal claims.

II. Right to withdraw the given consent (Art. 7 para. 3 GDPR)

You can revoke your consent once given at any time with effect for the future – completely or partially – without incurring costs under our contact data (above section A). The legality of the processing of the data covered by the consent on the basis of the consent up to the revocation remains unaffected by the revocation.

III. Right of access (Art. 15 GDPR)

You have the right to request information about your personal data processed by us. This right to information includes

• the processing purposes;
• the categories of personal data processed by us;
• the categories of recipients to whom your information has been or will be disclosed;
• if personal data are transferred to so-called “third countries” (cf. Section B No. V) outside the scope of the GDPR, whether and how we ensure an adequate level of protection by means of suitable guarantees (Art. 45, 46 GDPR) for the data recipient in the third country;
• the planned storage period, as far as we can judge this; if an assessment and the indication of the storage period are not yet conclusively possible, we shall at least provide information on the criteria for determining the storage period (e.g. limitation periods, statutory storage periods, cf. also Section B, III);
• Your right to rectification, erasure, restriction of processing and objection to the processing of personal data concerning you;
• the existence of a right to lodge a complaint to a supervisory authority;
• the origin of the data, if not collected by us; as well as
• the existence of automated decision-making, including profiling, referred to in Art. 22 Para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request a copy of your personal data processed by us. You will not incur any costs for the first data copy, for further data copies we will charge a reasonable fee. If you assert this right, we will generally make the data copy available in electronic form for lack of other information. The provision shall be subject to the rights and freedoms of other persons who may be affected by the transmission of the data copy.

IV. Right to rectification (Art. 16 GDPR)

You have the right obtain from us without undue delay the rectification of inaccurate personal data concerning you or have your incomplete personal data completed..

V. Right to erasure (Art. 17 GDPR)

You have the right to demand from us the immediate erasure of your personal data stored with us, as far as

• you have withdrawn your consent to data processing, unless there is another legal basis for data processing;
• the storage or other processing of your personal data is no longer necessary for the purposes for which it was collected and processed;
• you have lodged an objection against data processing pursuant to Art. 21 GDPR and there are no prior legitimate reasons for further processing; in the case of direct marketing pursuant to Art. 21 para. 2 GDPR, erasure shall take place unconditionally on the basis of an objection;
• your personal data have been unlawfully processed;
• it concerns data of a child which have been collected in relation to services of the information society pursuant to Art. 8 para. 1 GDPR.

If we have made personal data public, we will also inform other persons responsible within the scope of what is technically possible and reasonable about their request for erasure, including the erasure of links, copies and/or replications.

The aforementioned rights to the erasure of your personal data do not exist insofar as the processing of your personal data is not carried out.

• on the exercise of freedom of expression and information;
• to fulfil a legal obligation required by the law of the European Union or of the Member States to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in us;
• for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i GDPR and Art. 9 para. 3 GDPR;
• for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as your right of cancellation presumably makes it impossible or seriously impairs the realization of the objectives of such processing, or
• for the assertion, exercise or defence of legal claims

is required.

VI Right to restriction of processing (Art. 18 GDPR)

You have the right to ask us to restrict the processing of your personal data (i.e. to limit the processing to mere storage) if one of the following cases applies:

• You have disputed the accuracy of your personal data. For the duration of our check for correctness, you may request that your data not be used for other purposes and be restricted to this extent.
• The processing is unlawful and you refuse to delete personal data pursuant to Art. 17 para. 1 sentence 1 lit. d GDPR and instead demand the restriction of the use of personal data pursuant to Art. 18 GDPR.
• We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims. In this case, you may request that the processing be limited to the aforementioned purposes.
• objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If we have restricted the processing of your personal data at your request, we may and will process this data – apart from storing it – only with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Should a processing restriction be lifted, you will be informed of this in advance.

VII Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you which you have provided to us in a structured, common and machine-readable form and you have the right to transmit this data to another responsible person without being hindered by us, provided that

• the processing is based on a consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and
• processing is carried out using automated procedures.

As far as it is technically feasible, you can also request us to transfer your personal data directly to another Data Controller.

The exercise of the right to data portability does not affect the right to erasure (Art. 17 GDPR). However, the right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority entrusted to us.

You may not exercise the right to data portability if this would undermine the rights and freedoms of others.

VIII Right to lodge a complaint (Art. 77 GDPR)

We always process personal data in accordance with the law. If you still have reason to believe that we have violated any applicable privacy laws, you may at any time contact the appropriate European Union or Member State regulatory authority and lodge a complaint. The competent authority is the supervisory authority of your usual place of residence, workplace or the place of suspected infringement. The processing of personal data carried out by us as the Data Controller is supervised by the following supervisory authority:

LDI North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Germany

Phone: +49 211 38424-0
Fax: +49 211 38424-10
E-mail: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

Under the following link you will also find a list of all supervisory authorities for data protection:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html