Data protection information

We would like to inform you which personal data we collect when you use our website and offers. According to the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person, such as name, address, e-mail address, user behavior.

Who is responsible for collecting your data?

SKW Schwarz Rechtsanwälte Steuerberater Partnerschaft mbB (hereinafter "SKW Schwarz") is responsible for data processing in accordance with Art. 4 (7) GDPR.

Here are our contact details:

Address: Wittelsbacherplatz 1, 80333 Munich
Telephone: +49 (0)89 2 86 40 - 0
E-mail: muenchen@skwschwarz.de 

You can reach our external data protection officer here:

Name: Dr. Volker Wodianka
E-mail: volker.wodianka@privacy-legal.de

You can also send a letter to our address; please write "For the attention of the data protection officer" on the envelope.

What information do we collect?

We have compiled the information on data processing separately for you according to data subject groups.

1. visitors to the website

2. visitors to the social media profiles of SKW Schwarz

3. recipients of invitations and newsletters

4. participants in events

5. interested parties and communication partners

6. applicants for an employment relationship

7. general information and rights of the data subjects

1. Visitors to the website

1.1 Informational use of our website

When using the website for purely informational purposes, we collect data for the purpose of providing the website content you have accessed and to ensure the security of the IT infrastructure used. This also helps with troubleshooting and enables a more efficient and user-friendly search on the website. The following personal data is transmitted from your browser to our server

  • IP address,
  • Date and time of the request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status/http status code,
  • Amount of data transferred in each case,
  • Website from which the request originates (referrer URL),
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software.

The legal basis for the processing is our legitimate interest in operating a website to provide information about our services and events in accordance with Art. 6 (1) (f) GDPR.

The data is automatically provided by the website visitor's browser. The processing of your data is technically necessary, which is why it is not possible to use the website without disclosing the listed personal data.

IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data is deleted after six months.

1.2 Web analysis

We use the services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. We do not use cookies for web analysis by default. If we use analysis and optimization cookies, we will obtain your express consent in advance. If this is the case and you give your consent, cookies are used to enable a statistical analysis of the reach of this website, to measure the success of our online marketing measures and test procedures, e.g. to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user's end device. etracker cookies do not contain any information that enables a user to be identified.

The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval. Further information on etracker's data protection regulations can be found here.

Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. a) (consent) of the GDPR. Our concern within the meaning of the GDPR is the optimization of our online offer and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, merging with other data or disclosure to third parties takes place.

You can withdraw your consent at any time by clicking on the fingerprint icon in the bottom left-hand corner of the website. The revocation has no negative consequences.

1.3 Usercentrics Consent Manager

We use the Consent Management Platform (CMP) of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. The tool allows you to conveniently manage your consent to the setting of cookies that are not technically necessary and to make changes - such as revoking consent or objecting to consent - via the tool.

Furthermore, you can find the information required under Art. 13 GDPR on the processing of your personal data by the Usercentrics CMP and by technically unnecessary cookies in the tool.

You can access the settings of our CMP by clicking on the fingerprint icon in the bottom left-hand corner of the website.

1.4 LinkedIn Insight tag

The website also uses the LinkedIn Insight Tag (or LinkedIn Pixel) from LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA ("LinkedIn"). By integrating this JavaScript tag, you as a user of our website can be shown interest-based and relevant advertisements ("ads") when visiting the LinkedIn social network or other websites that also use the process, and we receive statistics about website visitors and demographics. Furthermore, we can evaluate your use of our LinkedIn ads and interest in our offers using a conversion tracking function and also show you LinkedIn ads on other websites via retargeting. In this way, we pursue the interest of improving the effectiveness of LinkedIn ads and making our website more interesting for you.

By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection with the LinkedIn server, both when you visit the LinkedIn website and when you visit websites that have the LinkedIn Insight tag integrated. LinkedIn and we are jointly responsible for collecting your usage data when you visit our website and transmitting it to the provider, but LinkedIn is solely responsible for the relevant processing to achieve the described purposes after the data has been transmitted. We have no influence on the scope and type of use of the data by LinkedIn, we therefore inform you according to our level of knowledge: By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have called up the corresponding website of our Internet presence or clicked on an advertisement from us. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, there is a possibility that the provider will find out your IP address, time window and other identifying features and link them to the actions assigned to you.

The deactivation of the LinkedIn Insight tag and other advertising objections are possible in the settings for advertisements at www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en and additionally at www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Further setting options and information can be found in the LinkedIn Privacy Center: privacy.linkedin.com/en-de?lr=1/.

The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a) GDPR, i.e. the integration only takes place with your consent. You can revoke your consent at any time, the easiest way is via our Cookie Manager. LinkedIn also processes your personal data in the USA and is certified in accordance with the EU-US Data Privacy Framework. An adequate level of data protection can therefore be assumed. We have also agreed so-called standard data protection clauses with LinkedIn.

Further information on data processing by LinkedIn can be found here. Information on the LinkedIn Insight tag: business.linkedin.com/en/marketing-solutions/insight-tag?lr=1/.

1.5 Integration of social media plug-ins

This website uses so-called "social plug-ins" from the social networks LinkedIn, Instagram, Xing, Facebook, Twitter and Podcast Eins, which are operated by the

  • LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA
  • Meta Platforms, Inc, 1601 Willow Rd, Menlo Park, CA 94025, USA (Instagram, Facebook);
  • New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany;
  • Twitter International Unlimited Company (X), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
  • and Podcast Eins GmbH, Columbiadamm 10, Tower 9, Tempelhof Campus, 12101 Berlin, Germany

are operated. The website uses the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the logo. We give you the option of communicating directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under point 1.1 of this declaration is transmitted. In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (for US providers in the USA).

The European Commission issued its adequacy decision for the USA on July 10, 2023. It stipulates that the USA guarantees an adequate level of data protection for transfers within this framework. LinkedIn and Meta are certified under the EU-US Data Privacy Framework and an adequate level of data protection can be assumed. We would like to point out that in the case of Twitter (X) there is currently no adequate level of protection for data transfers to the USA. Therefore, we cannot guarantee that this provider can guarantee an equivalent level of data protection as we can when processing your data.

We have no influence on the data collected and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. a) GDPR.

Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their data protection notices:

1.6 Integration of UNOY

On our website, we integrate the UNOY decision generator, which is operated by UNOY GmbH, Zieglergasse 7/7, 1070 Vienna, Austria. Among other things, this involves the integration of questionnaires, such as the current questionnaire to determine the applicability of the NIS2 Directive to your company. The use of this tool is voluntary and based on your consent. If we are to contact you following the survey, the processing is based on Art. 6 para. 1 lit. b) GDPR. We have also concluded an order processing contract with UNOY in accordance with Art. 28 GDPR, which ensures that data processing is carried out in an appropriate manner.

2. visitors to the social media profiles of SKW Schwarz

SKW Schwarz has profiles on various social media platforms. These platforms are operated by service providers who process data for the provision of these pages.

The purpose of data processing on our social media profiles is to provide interesting content and to interact with visitors on social media platforms. Depending on the respective social media service, the usage data may be analyzed in order to optimize our social media presence.

The data processed is content data (e.g. posts, comments) and usage data (e.g. click behavior, length of stay) on our social media profiles.

Information and data displayed or shared on SKW Schwarz's social media profiles may be accessible to the respective operator of the respective social media platform, its users or contracted service providers.

Further details on data processing are presented below:

  • LinkedIn:
    We and LinkedIn (for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) are jointly responsible for the processing of personal data via the SKW Schwarz LinkedIn profile. The joint controllership agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement, LinkedIn is responsible for informing the data subjects about the processing activities. LinkedIn's privacy policy is available at: https://www.linkedin.com/legal/privacy-policy Data subjects may assert their rights against any of the data controllers, SKW Schwarz and/or LinkedIn. Further information about the data that LinkedIn shares with SKW Schwarz can be found at https://www.linkedin.com/help/linkedin/answer/a547077/viewing-company-page-analytics?lang=de The legal basis for the processing of data by SKW Schwarz is the legitimate interest in analyzing usage data to improve SKW Schwarz's LinkedIn profile (Art. 6 para. 1 lit. f) GDPR).
  • YouTube:
    We operate a channel on the YouTube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider). We are not aware of any further details of the processing of personal data in the area of Google's data control or possible data processing in the USA. SKW Schwarz has no influence on Google's data processing. Information about the processing of personal data by Google can be found in Google's privacy policy: https://policies.google.com/privacy
  • Facebook
    We and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Meta") are jointly responsible for the processing of personal data via the Facebook profile of SKW Schwarz. The joint controllership agreement can be viewed at: https://www.facebook.com/legal/terms/page_controller_addendum.
    Under this agreement, Meta is responsible for informing the data subjects about the data processing. Facebook's privacy policy is available at: https://www.facebook.com/privacy/policy/.  
    Data Subjects may assert their rights against SKW Schwarz and/or Meta. Further information about the data that Meta shares with SKW Schwarz can be found at: https://www.facebook.com/privacy/policy/.
  • Xing
    We and New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter "New Work SE") are jointly responsible for the processing of personal data via SKW Schwarz's Xing profile. According to this agreement, New Work SE is responsible for informing the data subjects about the data processing. Xing's privacy policy is available at: privacy.xing.com/de/datenschutzerklaerung.
    Data subjects can assert their rights against SKW Schwarz and/or New Work SE. Further information about the data that New Work SE shares with SKW Schwarz can be found at https://privacy.xing.com/de/datenschutzerklaerung
  • Twitter
    We and Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter "Twitter") are jointly responsible for the processing of personal data via SKW Schwarz's Twitter profile. According to this agreement, Twitter is responsible for informing the data subjects about the data processing. Twitter's privacy policy is available at: https://twitter.com/de/privacy.
    Data subjects can assert their rights against SKW Schwarz and/or Twitter. Further information about the data that Twitter shares with SKW Schwarz can be found at: twitter.com/de/privacy.

  

3. recipients of invitations and newsletters

We offer our clients and business contacts the opportunity to subscribe to our newsletter, through which we inform you about current developments in various areas of law and draw your attention to events that we organize.

When you register, we collect the following personal data from you for the purpose of sending invitations and newsletters:

  • Salutation
  • First name and surname
  • E-mail address*
  • Company name
  • Position and title
  • Location
  • Topics/areas of law on which you would like to receive our newsletter*.

The information marked with an asterisk (*) is mandatory information without which newsletters and invitations cannot be sent.

The legal basis for the processing of data for the aforementioned purposes is, in the case of contacting our clients, business contacts or their contact persons, our legitimate interest in providing information about our range of services and events in the context of existing business relationships in accordance with Art. 6 para. 1 lit. f) GDPR or otherwise your expressly granted consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You have the right to object to the processing of your data at any time where the processing of your data is based on our legitimate interest or to withdraw your consent with effect for the future. To do this, you can write to us or our appointed data protection officer informally using the contact details given above or unsubscribe from the newsletter using the link contained in the newsletter email. Your data will be deleted immediately after you unsubscribe from the newsletter.

We use service providers (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany) by way of order processing to send our newsletter.     

  

  

4 Participants in events

4.1 Registration

To register for our events, we use a form on our website or the guestoo service (Code Piraten GmbH, Am Ruhmbach 44, 45149 Essen, Germany).

We process the following personal data for the purpose of organizing, preparing and holding our event and for related communication (e.g. confirmation of registration, acceptance or rejection, changes to event dates, reminder emails about the event, sending event content, thank-you notes after the event and invitations to similar events):

  • Salutation
  • First name and surname of the participant
  • Company name
  • Contact details (address, telephone or mobile phone number, e-mail address)
  • Position and title
  • Booked parts of the event

The legal basis for the processing of data of event participants is Art. 6 para. 1 lit. b) GDPR (establishment and implementation of a contractual relationship regarding participation in the event). The processing of your data using cookies when registering via guestoo is based on our legitimate interest in the use of technically secure registration technology that optimizes our participant management, Art. 6 para. 1 lit. f) GDPR.

The data provided will be stored by guestoo for the duration of the event and deleted immediately after it has ended.

Session cookies are deleted after seven days, cookies for controlling the cookie hint after 12 months.

The provision of data is contractually obligatory for participation in events. Participation in events is not possible without providing data.

You have the right to object to the processing of your data after the event.

4.2 Face-to-face events, image and sound recordings

We reserve the right to make video and/or audio recordings of individual events for the purpose of holding the event, documenting our event and using it for our press and public relations work. In this case, we will inform you about the recording of the event in advance or when you register for participation.

The following data may be collected from you in this case:

  • Registration data (first name and surname)
  • Position
  • Company name
  • Image or video recordings
  • Speeches that you have made at our event.

The legal basis for the processing of this data is our legitimate interest in documenting the events we organize and presenting our law firm through press and public relations work in accordance with Art. 6 para. 1 lit. f) GDPR.

The image and sound recordings made may be transmitted to journalists, media companies, press and photo agencies and social media platforms, including abroad, for the purpose of press and public relations work and published by us in printed or digital form.

You have the right to object to the processing of your data as described above. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing. Please note that if the recordings are published in print media or on the Internet, for example, it will not always be possible to remove your data.  

Archived image and sound recordings of the event and publications are generally not deleted.

The creation of image and sound recordings is not mandatory for participation in the event. If you do not wish to make image and sound recordings, please inform our staff at the event venue.

4.3 Digital events, image and sound recordings

If we hold webinars or digital events in which you participate, the information above under 1.1 also applies in addition to the following information. If a digital event is recorded, we will point out the framework conditions for this at the beginning of the event.

We process your data for the purpose of holding the event and for documenting the event by means of video and audio recordings and using the resulting recordings for the purpose of press and public relations work.

The data processed are

  • Your registration data (first and last name, position, company, e-mail address, according to your personal settings) as well as
  • Metadata (call history (date, time and duration of communication), name of the meeting, device/hardware data, connection data (phone number, country name, start and end times, IP addresses), location data, support and feedback data
  • Image and sound recordings of the event.

If you activate the camera and/or microphone on your end device, we also process the data transmitted via these.

If you participate in chats, whiteboards or voting, this data will also be processed.

The legal basis for the processing of registration data and metadata of participants in events is Art. 6 para. 1 lit. b) GDPR (contract for the organization of the event). The legal basis for possible data processing in the USA when using Microsoft Teams (Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA) is your consent pursuant to Art. 6 para. 1 lit. a) GDPR.  For the USA, the European Commission issued its adequacy decision on July 10, 2023 (EU-US Data Privacy Framework). It stipulates that the USA guarantees an adequate level of data protection for transfers within this framework. Microsoft is certified under the EU-US Data Privacy Framework.

The legal basis for the production of image and sound recordings is your consent given by activating your camera and/or microphone in accordance with Art. 6 para. 1 lit. a) GDPR. The image and sound recordings made may be transmitted to journalists, media companies, press and photo agencies and social media platforms, including abroad, for the purpose of press and public relations work and published by us in printed or digital form.

You have the right to withdraw your consent to the processing of your image and/or sound recordings at any time with effect for the future. Please note that if the recordings are published in print media or on the Internet, for example, it will not always be possible to remove your data. 

The processing of registration and metadata is contractually obligatory for participation in events. Participation in events is not possible without this processing. The production of image and sound recordings is not mandatory for participation in the event. If you do not wish to make image and sound recordings, please deactivate your camera and microphone.

  

  

5 Interested parties and communication partners

You can send us an inquiry at any time via e-mail or web form to our communication e-mail address. If you make use of this option, we will process your e-mail address together with all the information you provide to us, such as title, first name and surname and message content, for the purpose of exchanging communications and responding to your inquiry.

We use an external service provider, Bryter GmbH, Linienstr. 71, 10119 Berlin, for the provision of web forms in the IP protection rights tool and in the M&A checklist. We have concluded an order processing contract with the service provider, including EU standard contractual clauses.

The legal basis for this is initially your express consent in accordance with Art. 6 para. 1 lit. a) GDPR and, if applicable, the initiation of a contractual relationship in accordance with Art. 6 para. 1 lit. b) GDPR.

Inquiries and communications are stored differently depending on their content, but in the absence of a statutory retention period are deleted immediately after the purpose no longer applies.  

  

6 Applicants for an employment relationship

You can send us application documents by e-mail, post or fax.

Your data required for establishing contact and an application process will be stored for the purpose of carrying out an application procedure in compliance with the statutory provisions. The legal basis for this is Art. 6 Para. 1 lit. b) GDPR and § 26 Para. 1 in conjunction with. Para. 8 S. 2 BDSG (implementation of pre-contractual measures).

The following data may be processed by us in the application process

  • Master data (title, first name, surname, date of birth if applicable)
  • Contact data (address, telephone or mobile phone number, private e-mail address)
  • Application data (e.g. profile picture and other documents such as CV, cover letter, complete application, certificates).

If you are hired, the data will be transferred to your personnel file. Information on the storage period can be found in the information on the processing of personal data of our employees.

If an application for a specific job advertisement is not successful, your data will be stored for evidence purposes for up to 6 months after completion of the application procedure for the possible assertion, exercise or defense of legal claims. If you have also expressed an interest in other positions, the data will be stored for up to 12 months after the last job offer or the last specific expression of interest.

The provision of the data is not required by law or contract. You are not obliged to provide the data. However, if you do not provide the data, it will not be possible to carry out an application procedure and, if necessary, recruitment.

  

7 General information and rights of data subjects

7.1 Rights of data subjects

According to Art. 15 ff. GDPR, you have the following rights vis-à-vis us with regard to the personal data concerning you

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to revoke a given consent,
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

If you have any questions regarding the processing of your data or the assertion of your rights, you can contact our external data protection officer at any time using the contact details provided above.

7.2 Deletion of personal data

The data processed by us will be deleted in accordance with the legal requirements if the purpose of processing your data no longer applies or if it is no longer required for the purpose. Your data will also be deleted if the processing was based on your consent and you have withdrawn it.

It may be that the storage of your data is required for other legally permissible purposes, such as to fulfill a legal obligation, to exercise legal claims or for tax law reasons. In these cases, your personal data will only be processed for these purposes.

7.3 Categories of recipients of personal data

We use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing), who may also gain knowledge of your personal data. We have concluded order processing contracts with these providers in accordance with Art. 28 GDPR, which ensure that data processing is carried out in a permissible manner.

7.4 Requirements for the transfer of personal data to third countries

For the exceptional cases in which personal data is transferred to countries outside the European Economic Area (EEA), i.e. to third countries, this is done under the conditions of Art. 44 et seq. GDPR. We will inform you about the respective details of the transfer at the relevant points below.

The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard by means of so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 para. 1, 2 lit. c) GDPR, certificates or recognized codes of conduct.

Status: June 2024