Privacy Policy

We hereby inform you about our processing of personal data. Controller for the described processing of personal data is SKW Schwarz Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB, Wittelsbacherplatz 1, 80333 München, Germany, telephone +49 (0)89 2 86 40 - 0, email muenchen@skwschwarz.de (hereinafter “SKW Schwarz”).

You may contact our Data Protection Officer via email at skw-dsb@daspro.de or via mail to DSB SKW Schwarz, daspro GmbH, Kurfürstendamm 21, 10719 Berlin, Germany.

Please find below the most important information about typical data processing sorted by groups of data subjects. For certain data processing activities, which relate only to specific groups, the duties to provide information are met separately.

Where the term “data” is used in the text, in each case it refers only to personal data as defined in the GDPR.

1. Website Visitors

2. Clients and employees of clients

3. Parties Concerned and Employees of Parties Concerned

4. Service Providers, Business Partners and their Employees

5. Recipients of newsletters, invitees and participants in events

6. Prospective Clients and Communication Partners

7. Applicants for Employment

8. General Information and Rights of the Data Subjects

1. Website Visitors

1.1 Server log data. Our web server processes a range of data for each request, which your browser automatically transmits to our web server. This includes the IP address allocated to your device, the date and time of the request, the time zone, the specific page or file accessed, the http status code and the data quantities transmitted; in addition, the website from which your request originated, the browser used, the operating system of your device and the language used. The web server uses these data to make the contents of this website available in the best possible way on your device.

1.2 Web analysis. We use Google Analytic, a web analytics service of Google Inc. (“Google”). Google Analytics uses small text files (“cookies”) on your device to enable us to analyse your visitor behaviour with a pseudonym. Information about your visitor behaviour stored in such cookies will be transferred to web servers of Google in the USA and will be stored there. For this website the function anonymize IP has been activated, therefore Google will anonymize your IP address on Google servers within the EU or the EEC prior to the transfer of data to the USA. In rare cases full IP addresses may be transferred to the USA and will then be anonymized there.

Google will use the information transferred as a Processor (Article 28 GDPR) to analyse your visitor behaviour, to provide reports about web activities and to provide further services in relation to website use and internet use to the Controller. Your IP address will not be combined with other data of Google.

You may prevent the storage of cookies (including your IP address) by using appropriate settings in your browser or object to further processing by downloading and installing a browser plugin. Alternatively you may store an opt-out cookie on your device to prevent future analysis of your visitor behaviour.

1.3 The purpose of the data processing is the online presentation of our law firm and its services as well as the interaction with communication partners. The purpose of the analysis of user behaviour on the website is the needs-oriented design of the website. No change in these purposes is planned.

1.4 The legal basis for the processing during the use of the website is Article 6(1)(f) GDPR (legitimate interest, specifically operation of a website and user interaction). The legal basis for the analysis of user behaviour is Article 6(1)(f) GDPR (legitimate interest, specifically the needs-oriented design of the website).

1.5 Log and communications data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office. We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

1.6 IP addresses are anonymized at the latest after 24 hours. Pseudonymous usage data are deleted in each case after three months. Communication content is deleted after ten calendar years.

1.7 Use of the website without disclosure of personal data such as the IP address is not possible. Communication via the website without providing data is not possible. Use of the website is possible if the user has objected to pseudonymous usage analysis.

2. Clients and employees of clients

2.1 We process your data for the purposes of performing or entering into a client agreement and to comply with legal obligations. We also process your data to provide you with information on legal developments, news from our law firm and to invite you to events. No change in these purposes is planned.

2.2 The legal bases for processing of data from clients who are natural persons is Article 6(1)(b) GDPR (client agreement) and for processing of data from employees or representatives of legal entities Article 6(1)(f) GDPR (legitimate interest, specifically communication with relevant client contact persons) and Article 6(1)(c) GDPR (legal obligations, specifically tax and commercial law requirements). The legal basis for the assessment, enforcement and the rejection of claims is Article 6(1)(f) GDPR (legitimate interest, specifically assertion of rights or defence against claims). Data for information, news and event invitations are processed based on Art. 6(1)(f) GDPR (legitimate interest, specifically client relation management).

2.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. This includes specifically courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

2.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Legal title documents are stored for 30 calendar years unless the receivable is paid off prior. Communication content is deleted after ten calendar years.

2.5 The provision of data is obligatory for clients and employees of clients both legally and contractually. Without provision of data, no client agreement may be established and carried out.

3. Parties Concerned and Employees of Parties Concerned

3.1 When rendering services for our clients we process data of the parties concerned and their employees (e.g. negotiating or contracting parties, counterparties, courts, public authorities and agencies, witnesses, expert witnesses, etc.) for the purpose to provide the services to our clients and to assert their rights.

3.2 The legal bases for the processing of data from parties concerned and their employees is 6(1)(f) GDPR (legitimate interest to assert our clients rights ) and or Article 6(1)(c) GDPR (legal obligations).

3.3 Recipients of data may include all entities involved in mandate in particular public authorities, agencies, courts, witnesses, expert witnesses and other concerned parties. We also use processors to perform services, in particular providing, maintaining and supporting IT systems.

3.4 Data of parties concerned and employees of parties concerned are deleted 10 calendar years after the end of the mandate.

3.5 Processing of the data is obligatory for the concerned parties and their employees. Without the provision of data the provision of services for the clients cannot be carried out.

4. Service Providers, Business Partners and their Employees

4.1 We process your data for the purpose of preparation and performance of the contractual relationship and for the fulfilment of legal requirements. No change in these purposes is planned.

4.2 The legal bases for processing are in case of contracts with natural persons Article 6(1)(b) GDPR (contract), in case of contracts with legal entities Article 6(1)(f) GDPR (legitimate interest, specifically communication with contact persons relevant to the contract), as well as always Article 6(1)(c) GDPR (legal obligations, in particular provisions of tax and commercial floor). When checking, asserting or rejecting claims, the legal basis is Article 6(1)(f) GDPR (legitimate interest, specifically asserting or defending claims).

4.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. Moreover in specific cases data may be transmitted to collection service providers, legal advisors and courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

4.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Inquiries and communication data are automatically deleted after 10 years.

4.5 Processing of the contact data at service providers and business partners is necessary in order to perform the contract or order. If the data are not provided, the contract cannot be established or carried out. The provision of data is required for prospective service providers, business partners and their employees. The communication is not possible without the data.

5. Recipients of newsletters, invitees and participants in events

5.1 We process your data for the purpose of sending you our newsletter(s), inviting you to events and the performance of the event. No change in these purposes is planned.

5.2 The legal bases for processing of data of recipients of newsletters and invitees is Article 6(1)(f) GDPR (legitimate interest, specifically client and partner relationship management) if you are a client or a business partner, otherwise your consent (Article 6(1)(a) GDPR). If you register for an event the legal basis for processing are Article 6(1)(b) GDPR (event contract) and Article 6(1)(c) GDPR (legal obligations, specifically tax and commercial law requirements).

5.3 We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

5.4 All contractual data and data relevant for accounting are stored for 10 calendar years. Data on newsletter recipients and invitees is deleted upon request.

5.5 Processing of contact data is necessary in order to receive newsletter(s) and invitations and to attend events. If the data are not provided, you may not receive newsletter(s) and invitations and may not participate in events

6. Prospective Clients and Communication Partners

6.1 We process the data from prospective clients and communication partners for the purpose of communication with the data subjects. No change in these purposes is planned.

6.2 The legal basis for processing data from prospective clients and communication partners is Article 6(1)(f) GDPR (legitimate interest, specifically communication with prospective clients and communication partners).

6.3 We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

6.4 Inquiries and communication data are automatically deleted after 10 years.

6.5 The provision of data is required for prospective clients and communication partners. The communication is not possible without the data.

7. Applicants for Employment

7.1 The purpose of data processing is to select applicants for an employment relationship. No change in this purpose is planned.

7.2 The legal basis for the processing of data is Section 26 BDSG-2017 (New German Federal Data Protection Act) in conjunction with Art. 6(1)(b) (initiation of the employment contract) and Art. 88 GDPR. We process voluntary information that you provide as part of your application on the basis of Section 26 BDSG-2017 in conjunction with Art. 6(1)(a) (consent) and Art. 88 GDPR.

7.3 Applicant data are passed on internally to the responsible decision-making partners and employees. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

7.4 The data are deleted six months after the end of the application process. If an applicant is also interested in other positions, the data will remain stored for up to 24 months.

7.5 The provision of personal data is necessary for applicants. Without the provision of personal data, applications may not be considered.

8. Rights of the Data Subjects

The following rights of the data subjects may be limited by the client attorney privilege according to Section 29 BDSG-2017 (New German Federal Data Protection Act) in conjunction with Article 23 GDPR. As far as no conflict with the client attorney privilege arises data subjects have the following rights:

a) You have the right to request information at any time about all your personal data that we process.

b) If your personal data are inaccurate or incomplete, you have the right to correction and amendment.

c) You may request the deletion of your personal data at any time, unless we are legally obligated or entitled to process your data further.

d) In case of legal requirements, you may request a limitation on the processing of your personal data

e) You have the right to object to processing if the data processing is performed for the purposes of direct advertising or profiling. If processing is performed as a result of the balancing of interests, you may object to the processing stating reasons arising from your particular situation.

f) Where data processing is performed on the basis of your consent or as part of a contract, you have the right to transfer the data provided by you, unless the rights and freedoms of other persons are impaired.

g) Where we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. Any processing performed prior to revocation will remain unaffected by the revocation.

h) In addition, you have the right to file a complaint to a data protection supervisory authority at any time if you are of the opinion that data processing has occurred in breach of an applicable law.

Last updated 24 May 2018