Privacy Policy

We hereby inform you about our processing of personal data. Controller for the described processing of personal data is SKW Schwarz Rechtsanwälte Steuerberater Wirtschaftsprüfer Partnerschaft mbB, Wittelsbacherplatz 1, 80333 München, Germany, telephone +49 (0)89 2 86 40 - 0, email muenchen@skwschwarz.de (hereinafter “SKW Schwarz”).

You may contact our Data Protection Officer via email at skw-dsb@daspro.de or via mail to DSB SKW Schwarz, daspro GmbH, Kurfürstendamm 21, 10719 Berlin, Germany.

Please find below the most important information about typical data processing sorted by groups of data subjects. For certain data processing activities, which relate only to specific groups, the duties to provide information are met separately.

Where the term “data” is used in the text, in each case it refers only to personal data as defined in the GDPR.

1. Website Visitors

2. Clients and employees of clients

3. Parties Concerned and Employees of Parties Concerned

4. Service Providers, Business Partners and their Employees

5. Recipients of newsletters, invitees in events

6. Participants in events

7. Prospective Clients and Communication Partners

8. Applicants for Employment

9. General Information and Rights of the Data Subjects

1. Website Visitors

1.1 Server log data. Our web server processes a range of data for each request, which your browser automatically transmits to our web server. This includes the IP address allocated to your device, the date and time of the request, the time zone, the specific page or file accessed, the http status code and the data quantities transmitted; in addition, the website from which your request originated, the browser used, the operating system of your device and the language used. The web server uses these data to make the contents of this website available in the best possible way on your device.

1.2 The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. When visitors give us their explicit consent, cookies are used, which enable the statistical analysis of the use of this website by its visitors as well as the display of usage-relevant content or advertising. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated with etracker is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to strict German and European data protection laws and standards.In this regard, etracker was checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on the on the legal basis of Art. 6 Section 1 lit f (consent) of the EU General Data Protection Regulation (GDPR) to optimise our online offer and our website. As the privacy of our visitors is very important to us, etracker anonymizes the IP address as early as possible and converts login or device IDs into a unique key with which, however, no connection to any specific person can be made with. etracker does not use it for any other purpose, combine it with other data or pass it on to third parties.

You can revoke your consent at any time. Your objection has no detrimental consequences for you.

consent settings


Further information on data protection with etracker can be found here.

1.2 The purpose of the data processing is the online presentation of our law firm and its services as well as the interaction with communication partners. The purpose of the analysis of user behaviour on the website is the needs-oriented design of the website. No change in these purposes is planned.

1.3 The legal basis for the processing during the use of the website is Article 6(1)(f) GDPR (legitimate interest, specifically operation of a website and user interaction). The legal basis for the analysis of user behaviour is Article 6(1)(f) GDPR (legitimate interest, specifically the needs-oriented design of the website).

1.4 Log and communications data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office. We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

1.5 IP addresses are anonymized at the latest after 24 hours. Pseudonymous usage data are deleted in each case after three months. Communication content is deleted after ten calendar years.

1.6 Use of the website without disclosure of personal data such as the IP address is not possible. Communication via the website without providing data is not possible. Use of the website is possible if the user has objected to pseudonymous usage analysis.

2. Clients and employees of clients

2.1 We process your data for the purposes of performing or entering into a client agreement and to comply with legal obligations. We also process your data to provide you with information on legal developments, news from our law firm and to invite you to events. No change in these purposes is planned.

2.2 The legal bases for processing of data from clients who are natural persons is Article 6(1)(b) GDPR (client agreement) and for processing of data from employees or representatives of legal entities Article 6(1)(f) GDPR (legitimate interest, specifically communication with relevant client contact persons) and Article 6(1)(c) GDPR (legal obligations, specifically tax and commercial law requirements). The legal basis for the assessment, enforcement and the rejection of claims is Article 6(1)(f) GDPR (legitimate interest, specifically assertion of rights or defence against claims). Data for information, news and event invitations are processed based on Art. 6(1)(f) GDPR (legitimate interest, specifically client relation management).

2.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. This includes specifically courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

2.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Legal title documents are stored for 30 calendar years unless the receivable is paid off prior. Communication content is deleted after ten calendar years.

2.5 The provision of data is obligatory for clients and employees of clients both legally and contractually. Without provision of data, no client agreement may be established and carried out.

3. Parties Concerned and Employees of Parties Concerned

3.1 When rendering services for our clients we process data of the parties concerned and their employees (e.g. negotiating or contracting parties, counterparties, courts, public authorities and agencies, witnesses, expert witnesses, etc.) for the purpose to provide the services to our clients and to assert their rights.

3.2 The legal bases for the processing of data from parties concerned and their employees is 6(1)(f) GDPR (legitimate interest to assert our clients rights ) and or Article 6(1)(c) GDPR (legal obligations).

3.3 Recipients of data may include all entities involved in mandate in particular public authorities, agencies, courts, witnesses, expert witnesses and other concerned parties. We also use processors to perform services, in particular providing, maintaining and supporting IT systems.

3.4 Data of parties concerned and employees of parties concerned are deleted 10 calendar years after the end of the mandate.

3.5 Processing of the data is obligatory for the concerned parties and their employees. Without the provision of data the provision of services for the clients cannot be carried out.

4. Service Providers, Business Partners and their Employees

4.1 We process your data for the purpose of preparation and performance of the contractual relationship and for the fulfilment of legal requirements. No change in these purposes is planned.

4.2 The legal bases for processing are in case of contracts with natural persons Article 6(1)(b) GDPR (contract), in case of contracts with legal entities Article 6(1)(f) GDPR (legitimate interest, specifically communication with contact persons relevant to the contract), as well as always Article 6(1)(c) GDPR (legal obligations, in particular provisions of tax and commercial floor). When checking, asserting or rejecting claims, the legal basis is Article 6(1)(f) GDPR (legitimate interest, specifically asserting or defending claims).

4.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. Moreover in specific cases data may be transmitted to collection service providers, legal advisors and courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

4.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Inquiries and communication data are automatically deleted after 10 years.

4.5 Processing of the contact data at service providers and business partners is necessary in order to perform the contract or order. If the data are not provided, the contract cannot be established or carried out. The provision of data is required for prospective service providers, business partners and their employees. The communication is not possible without the data.

5. Recipients of newsletters, invitees in events

5.1 We process your data for the purpose of sending you our newsletter(s) and inviting you to events. No change in these purposes is planned.

5.2 The legal bases for processing of data of recipients of newsletters and invitees is Article 6(1)(f) GDPR (legitimate interest, specifically client and partner relationship management) if you are a client, a business partner or our contact at a client or business partner, otherwise your consent (Article 6(1)(a) GDPR).

5.3 We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

5.4 Data on newsletter recipients and invitees is deleted upon request.

5.5 Processing of contact data is necessary in order to receive newsletter(s) and invitations. If the data are not provided, you may not receive newsletter(s) and invitations.

6. Participants in events

6.1 We process your data for the purpose of holding the event, documenting the event by means of video and audio recordings and the use of the recordings made for press and public relations purposes. There are no plans to change these purposes.

6.2 The legal basis for the processing of personal data of participants in events is Article 6 para. 1 lit. b) DS-GVO (contract for the holding of the event) and Article 6 para. 1 lit. c) DS-GVO (statutory obligations, in particular tax and commercial law provisions). The legal basis for the production of video and audio recordings is Article 6 para. 1 lit. f) DS-GVO (legitimate interest in the documentation of the events organized by us and our legitimate interest in the representation of our law firm through press and public relations work).

6.3 For the purpose of press and public relations work, the image and sound recordings produced can also be transmitted abroad to journalists, media companies, press and photo agencies as well as social media platforms and published by us in printed or digital form. We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

6.4 Archived video and sound recordings of the event as well as publications are usually not deleted. All contractual data and data relevant for accounting are stored for 10 calendar years. Data on newsletter recipients and invitees is deleted upon request.

6.5 Processing of contact data is necessary in order to attend events. If the data are not provided, you may not participate in events.

7. Prospective Clients and Communication Partners

7.1 We process the data from prospective clients and communication partners for the purpose of communication with the data subjects. No change in these purposes is planned.

7.2 The legal basis for processing data from prospective clients and communication partners is Article 6(1)(f) GDPR (legitimate interest, specifically communication with prospective clients and communication partners).

7.3 We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

7.4 Inquiries and communication data are automatically deleted after 10 years.

7.5 The provision of data is required for prospective clients and communication partners. The communication is not possible without the data.

8. Applicants for Employment

8.1 The purpose of data processing is to select applicants for an employment relationship. No change in this purpose is planned.

8.2 The legal basis for the processing of data is Section 26 BDSG-2017 (New German Federal Data Protection Act) in conjunction with Art. 6(1)(b) (initiation of the employment contract) and Art. 88 GDPR. We process voluntary information that you provide as part of your application on the basis of Section 26 BDSG-2017 in conjunction with Art. 6(1)(a) (consent) and Art. 88 GDPR.

8.3 Applicant data are passed on internally to the responsible decision-making partners and employees. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.

8.4 The data are deleted six months after the end of the application process. If an applicant is also interested in other positions, the data will remain stored for up to 24 months.

8.5 The provision of personal data is necessary for applicants. Without the provision of personal data, applications may not be considered.

9. General Information and Rights of the Data Subjects

The following rights of the data subjects may be limited by the client attorney privilege according to Section 29 BDSG-2017 (New German Federal Data Protection Act) in conjunction with Article 23 GDPR. As far as no conflict with the client attorney privilege arises data subjects have the following rights:

a) You have the right to request information at any time about all your personal data that we process.

b) If your personal data are inaccurate or incomplete, you have the right to correction and amendment.

c) You may request the deletion of your personal data at any time, unless we are legally obligated or entitled to process your data further.

d) In case of legal requirements, you may request a limitation on the processing of your personal data

e) You have the right to object to processing if the data processing is performed for the purposes of direct advertising or profiling. If processing is performed as a result of the balancing of interests, you may object to the processing stating reasons arising from your particular situation.

f) Where data processing is performed on the basis of your consent or as part of a contract, you have the right to transfer the data provided by you, unless the rights and freedoms of other persons are impaired.

g) Where we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. Any processing performed prior to revocation will remain unaffected by the revocation.

h) In addition, you have the right to file a complaint to a data protection supervisory authority at any time if you are of the opinion that data processing has occurred in breach of an applicable law.

Last updated 24 April 2019