DE  EN

Privacy Policy

Privacy Policy of Weitnauer Partnerschip PLL Attorneys Tax Advisors

 

The protection of your data is a top priority for our team at Weitnauer Attorneys. We therefore exclusively process your personal data in compliance with the terms of this Privacy Policy as well as the relevant professional regulations (in particular the Professional Code of Conduct for Lawyers (Berufsordnung für Rechtsanwälte, BORA)), the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

 

1. Name and contact details of Controller and Company Data Protection Officer
2. Collection, storage and deletion of personal data as well as type and purpose and data use
    Formation and conduct of client relationships
    Legal obligations, in particular in accordance with the GwG
    Legal defense
    Storage period and retention obligations
3. Visiting our websites
4. Making contact and exchanging data
     E-mail and telephone communications
     Audio and video conferencing solutions
     Risks concerning electronic communications
     iDGARD privacy boxes or data rooms
5. Newsletter
6. Google Analytics
7. Google Maps
8. Data disclosure to third parties
    Conduct of the client relationship
    Data processors
9. Rights of data subjects
10. Right to object

 

1. Name and contact details of Controller and Company Data Protection Officer

 

This privacy information pertains to data processing by all office locations and through all online services of our law firm:

 

Controller:
Weitnauer Partnerschaft mbB
Rechtsanwälte Steuerberater
Ohmstrasse 22, 80802 Munich, Germany
Email: muenchen@weitnauer.net
Phone number: +49 (0)89 - 383995-0
Fax number: +49 (0)89 - 383995-99

 

The Company Data Protection Officer of Weitnauer Attorneys can be contacted at the above address or at Datenschutzbeauftragter@weitnauer.net.

 

2. Collection, storage and deletion of personal data as well as type and purpose and data use

 

Formation and conduct of client relationships
If you retain us to provide legal services or are acting on behalf of a company or another organization that retains us to provide legal services, or if we contact you based on a client relationship, we will collect the following information:

 

  • Title, first name, last Name
  • Valid email address
  • Postal address
  • Phone number (landline and/or mobile phone)
  • If applicable, position in the company / organization, signatory powers, power of attorney
  • If applicable, information required for establishing and defending your rights within the scope of your case.

 

This data is collected in order to:

 

  • identify you as our client or as a natural person acting on behalf of a client or as our contact person on the opposite side;
  • appropriately advise and legally represent you as our client;
  • correspond with you;
  • invoice you;
  • process any applicable liability claims and assert any claims against you.

 

Data is processed in response to your request and processing is required pursuant to Art. 6 (1), sentence 1, lit. b, GDPR for the above-listed purposes to ensure adequate client service and for the mutual fulfillment of obligations arising from the client contract.

 

Legal obligations, in particular in accordance with the GwG
We will also process your data if and to the extent necessary to comply with our legal obligations, such as duties arising from legislation on tracing profits from serious criminal offenses (German Anti-Money Laundering Act; Geldwäschegesetz, GwG). For the purposes of preventing money laundering and the financing of terrorism, we may be obliged particularly to collect and process data for the secure verification of your identity and your financial and investment circumstances in accordance with § 10 GwG. The legal basis for this processing of personal data is Art. 6 (1), sentence 1, lit. c, GDPR. We would like to point out that according to § 11a GwG we are not obliged to provide information in the event of a possible transfer of your data to the competent supervisory authorities or the persons and institutions whose services the competent supervisory authorities use in the performance of their duties, or to the Central Office for Financial Transaction Investigations (Zentralstelle für Finanztransaktionsuntersuchungen), and you have no right to information in this respect.

 

Legal defense
If, in the course of a client-lawyer relationship, it should become necessary to defend ourselves against liability claims, or if we need to follow up with one of our clients with regard to any outstanding invoices, the associated necessary processing of personal data is based on our legitimate interest in the adequate defense of our legal position pursuant to Art. 6 (1), sentence 1, lit. f, GDPR.

 

Storage period and retention obligations
The personal data we collect in the context of client-lawyer relationships will be stored until the end of the legally mandated retention period for attorneys (6 years after the end of the calendar year, in which the client relationship ended) and will then be deleted, unless we are obligated to comply with longer storage requirements due to retention and documentation duties based on tax and trade law (from the German Commercial Code (Handelsgesetzbuch, HGB), German Value Added Tax Code (Umsatzsteuergesetz, UStG) or German Revenue Code, Abgabenordnung, AO) pursuant to Art. 6 (1), sentence 1, lit. c, GDPR, if further processing is required due to ongoing legal disputes, or if you have consented to further storage pursuant to Art. 6 (1), sentence 1, lit. a, GDPR.

 

3. Visiting our websites

 

When you access our websites www.weitnauer.net and/or www.techlawgermany.net, the browser deployed on your terminal device will automatically send information to our website server. This information is temporarily saved in a so-called log file. In this process, the following information will be collected without any action on your part and stored until its automated deletion, usually after one week:

 

  • IP address of the computer sending the request,
  • Date and time of website Access,
  • Name and URL of the retrieved file,
  • Website from which our site was accessed (referral URL),
  • Browser used and, if applicable, your computer’s operating system as well as the name of your access provider.

 

The above-listed data will be processed by us for the following purposes:

 

  • Ensuring a smooth connection setup to the website,
  • Ensuring easy use of our Website,
  • Evaluation of system security and stability,
  • Clarification of any improper page access (DoS/DDoS attacks, etc.), as well as
  • Further administrative purposes.

 

The legal basis for the processing of personal data is Art. 6 (1), sentence 1, lit. f, GDPR. Our legitimate interest is derived from the above-listed purposes for data collection. We generally do not use collected data for the purpose of drawing conclusions about your person. However, we reserve the right to do so if required to investigate improper page access.

 

We may offer links to third-party services on our website. However, we are not responsible for the processing of your data by these services.

 

4. Making contact and exchanging data

 

E-mail and telephone communications
If you have questions of any kind, we offer you the option to contact us by telephone or via email. If you make personal data available to us via these routes or through our websites (e.g. via a contact form), we will only save and use this data on the basis of Art. 6 (1), sentence 1, lit. a, GDPR, to process your inquiries or on the basis of Art. 6 (1), sentence 1, lit. b, GDPR if the subject of your inquiry relates to (pre-)contractual information. You may revoke your consent to the processing of the provided data at any time by sending an email to Datenschutzbeauftragter@weitnauer.net. In this case, we will delete your data, unless we have a legal retention obligation (for example, if you send us a pre-contractual message via the contact form which then becomes the basis of a contractual relationship or if your message refers to existing contractual relationships).

 

Audio and video conferencing solutions
Instead of personal meetings, we also offer you to hold audio or video conferences. For this purpose, we use the Teams solution of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft regularly processes data in the USA. We have entered into an agreement with Microsoft including the EU Standard Contractual Clauses, and in this way ensure that the level of data protection is adequate even if data is processed in the USA (Art. 46 GDPR).

 

When using the audio or video conferencing solution, different types of data are processed, namely master data and contact data. The scope of the data also depends on the data you provide before or during participation in an audio or video conference. Furthermore, meeting metadata such as meeting title and description, participant IP addresses, device/hardware information, in case of recordings also MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings, finally text files when using the chat functions are stored. If you dial in with the phone, information on incoming and outgoing phone number, country name, start and end time, connection data such as the IP address of the device, if applicable, are stored.

 

Of course, we will never make recordings without the prior consent of all participants.

 

The legal basis for this data processing is Art. 6 (1), sentence 1, lit. f, GDPR. Especially in view of the existing preventive measures to contain the COVID-19 pandemic, there is a legitimate interest in maintaining personal contact with our clients.

 

Risks concerning electronic communications
We would like to point out that the use of electronic or other communication channels involves risks for the confidentiality of communication between you and us; this applies in particular to the use of e-mail. E-mails are transmitted in an encrypted form based on cryptographic industry standards such as TLS/SSL. End-to-end e-mail encryption according to the S/MIME standard is possible on request, as is the provision of so-called privacy boxes or data rooms in the iDGARD application (see next section). If you contact us electronically by e-mail or in any other way, we may assume your consent to the further use of these communication channels by us (§ 2 para. 2 BORA). Notwithstanding this, we will again draw your attention to the existing risks for the confidentiality of the communication in an appropriate manner.

 

iDGARD privacy boxes or data rooms
For the exchange of personal or otherwise confidential and therefore classified information, we offer the use of so-called privacy boxes and data rooms in the iDGARD application. iDGARD is a web application operated by Uniscon universal identity control GmbH, Ridlerstrasse 57, 80339 Munich under www.idgard.de. In order to create an access, we process your contact data for the purpose of conducting the client relationship (Art. 6 para. 1 p. 1 lit. b DSGVO) or, in the case of other parties involved who are not our clients, on the basis of the legitimate interest in the most secure data exchange possible (Art. 6 para. 1 p. 1 lit. f DSGVO). After you have activated access and chosen a password, we can exchange information via the application or make it available within the application. Whenever new information is uploaded, the authorized persons of the respective Privacy Box or data room receive an e-mail notification. This e-mail does not contain any information about the content of the uploaded information. Accesses and uploaded information will be deleted after the end of the respective project or at the latest when the client relationship ends.

 

Uniscon does not collect any automatic log file data nor does it store such data. iDGARD protects both the contents and the metadata when using the so-called privacy boxes and data rooms, i.e. who communicates how much with whom and when. The protection also includes protection against the provider of the service, i.e. Uniscon itself. The contents of the privacy boxes and data rooms are protected against access by the state. There is no external tracking or internal collection of user behavior. Cookies are used exclusively for the so-called session management to ensure a stable process. These cookies are deleted from your computer as well as from iDGARD after the end of the session.

 

5. Newsletter

 

If you provide us with your email address to subscribe to our newsletter, we will use this email address based on your consent according to Art. 6 (1), sentence 1, lit. a, GDPR, for the purpose of sending you the newsletter. You may object to this use of your email address at any time by sending an email to Datenschutzbeauftragter@weitnauer.net. In this case, we will stop sending you the newsletter and will delete your email address, unless we have a legal retention obligation.

 

6. Google Analytics

 

For the purpose of designing and continuously optimizing our websites www.weitnauer.net and www.techlawgermany.net according to our visitors’ needs, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which you can voluntarily give us by clicking on the corresponding button ("Accept") or reject the use of Google Analytics ("Reject") in the "cookie banner" when you call up the website. We will store your selection in a separate cookie (Art. 6 (1), sentence 1, lit. f, GDPR) on the basis of the legitimate interest in respecting your decision and no longer displaying the cookie banner.

 

Data will also regularly be transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as "Google". We have entered intoan agreement with Google including the EU Standard Contractual Clauses, and in this way ensure that the level of data protection is adequate even if data is processed in the USA (Art. 46 GDPR). In addition, when activating the tool, your expressly declare your consent to the data transfer (Art. 49 (1), lit. a GDPR).

 

Google Analytics creates pseudonymized user profiles for us. To do so, Google uses cookies. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit this website. The cookie is used to store information that is related to the specific device you are using. However, this does not mean that we will immediately become aware of your identity. These cookies are automatically deleted after 14 months.

 

The Google Analytics cookies collect information about your use of this website, such as

 

  • Browser type/Version,
  • operating system,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request.

 

These data are transferred to a Google server in the USA and stored there. Google will use them to evaluate the use of our website, to compile reports on website activity and to provide other services relating to website activity and internet usage to be used by us for market research purposes and to tailor these internet pages to meet our visitors’ requirements. The data may also be transferred to third parties if this is required by law or if third parties act as sub-processors of Google. Under no circumstances will your IP address be merged with other Google data. The IP addresses are regularly anonymized within the European Union or the EEA and only then transferred to the USA, so that an assignment is not possible (IP masking).

 

You can avert the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

 

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also avert Google Analytics from collecting these data by clicking on this link. An opt-out cookie is set to prevent your data from being collected when you visit this website in the future. The opt-out cookie applies only to this browser and only to our website and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

 

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=en).

 

7. Google Maps

 

On our websites, we also make use of Google Maps, another service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data will also regularly be transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the processing described below. Google Ireland Limited and Google LLC are hereinafter jointly referred to as "Google". We have entered into an agreement with Google including the EU Standard Contractual Clauses, and in this way ensure that the level of data protection is adequate even if data is processed in the USA (Art. 46 GDPR). In addition, when activating the tool, you expressly declare your consent to the data transfer (Art. 49 (1), lit. a GDPR).

 

Google Maps offers an interactive map which enables website visitors to conveniently display our law firm’s offices and have planned a route to either of these locations. By incorporating this service, data of our website visitors may be transmitted to Google. However, this will only happen, once you have declared your express consent to such transmission (Art. 6 para. 1 sent. 1 lit. a GDPR).

 

If you have given us your consent and, therefore, the map is shown to you, Google will receive the information that you have visited the respective subpage of our website. In addition, Google will receive and store on its own servers further information concerning your visit to our website (including your IP address). Please note that such transmissions and storage of data would happen regardless of whether you are logged in to a Google account or not. However, if you are logged in to your Google account, Google will connect the information it received from your visit to our website with your user account.

 

Google stores such data as usage profiles and uses personal data for purposes of advertising and market research, and/or in order to optimize its own services according to its customers’ needs. Any analysis of personal data by Google will especially serve the purpose of providing you with personalized advertisements and to inform other users about your activities also on our website. Please note that you have a right to object to such profiling, whereby any such objection must be sent directly to Google. If you do not want to have your visit to our website connected to your Google account, we strongly advise you to log-off from your account before consenting to the use of Google Maps on our website.

 

Further information on the purposes and the scope of the collection and processing of personal data by Google can be found in Google’s privacy information, likewise further information on your rights in this regard and the setting options you have to safeguard your privacy: http://www.google.de/intl/de/policies/privacy.

 

8. Data disclosure to third parties

 

Your personal data will not be disclosed to third parties except for the purposes listed below.

 

Conduct of the client relationship
Your personal data will be disclosed to third parties to the extent required for processing the client-lawyer relationship with you pursuant to Art. 6 (1), sentence 1, lit. b, GDPR. This includes, in particular, disclosure to opponents and their representatives (especially their attorneys) as well as courts and other government authorities for the purpose of correspondence as well as to establish and defend your rights.

 

As far as required for fulfilling a client agreement or to establish, exercise or defend legal claims, we will also transmit personal data to countries outside of the European Union or other signatory state of the European Economic Area (third country), or to an international organization. This may particularly be the case in matters with a substantive reference to a third country or an international organization (e.g. negotiations with a party established in a third country). Such data transmissions will occur on the basis of Art. 49 (1), sentence 1, lit. b or lit. e, GDPR, unless there are other guarantees for maintaining an adequate data protection level (for example, an adequacy decision of the EU Commission).

 

Data processors
In addition, we maintain contracts with IT service providers as well as infrastructure and platform service providers to process your data. This data processing occurs within the European Union. Our legitimate interest is to guarantee reliable and safe data processing for the performance of our activities and the management of our law firm with the support of professional service providers.

 

The attorney-client privilege will not be affected. To the extent data are subject to the attorney-client privilege, transmission to third parties will only be made to carefully selected service providers who have entered into a non-disclosure agreement and confidentiality obligation with us pursuant to Sec. 43e, Federal Lawyers’ Act (Bundesrechtsanwaltsordnung, BRAO) and have received instructions about the criminal nature of breaching attorney-client privilege.

 

9. Rights of data subjects

 

You have the following rights:

 

  • If we process personal data on the basis of your consent, to withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR; as a result, we may no longer continue to process the data based on this consent in the future; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
  • To request without delay the rectification of incorrect or incomplete personal data stored by us according to Art. 16 GDPR;

 

  • To request, according to Art. 17 GDPR, the erasure of personal data stored with us, unless the processing is necessary for exercising the right of freedom of expression and information, full compliance with legal obligations, for reasons of public interest, or for the establishment, exercise or defense of legal Claims;

 

  • To request restriction of processing your personal data according to Art. 18 GDPR, if you contest the accuracy of the data, if the processing is unlawful but you oppose the erasure of the data, and if we no longer need the personal data but you require them for the establishment, exercise or defense of legal claims, or if you exercised your right to object to processing according to Art. 21 GDPR;

 

  • To request your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to demand the transmission to another controller according to Art. 20 GDPR; and

 

  • To lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can generally contact the supervisory authority at your usual place of residence or workplace or at our seat for this purpose.

 

To exercise this right to object, it is sufficient to send an email to Datenschutzbeauftragter@weitnauer.net.

 

10. Right to object

 

To the extent your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1), sentence 1, lit. f, GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21, GDPR on grounds relating to your particular situation.

 

To exercise this right to object, it is sufficient to send an email to Datenschutzbeauftragter@weitnauer.net.

 

You can view this privacy policy here.