Lausen Logo

Privacy

Information on the processing of personal data (privacy policy)

Information on the processing of personal data by Lausen Rechtsanwälte (Privacy Policy)

1           Controller

The controller (as defined in the General Data Protection Regulation [GDPR]) for the processing of personal data described below is: Lausen Rechtsanwälte Partnerschaft mbB, email:kanzlei@lausen.com , tel.: +49 89 24 20 96-0, fax: +49 89 24 20 96-10 (hereinafter: “we”).

Contact details of the data protection officer: Lawyer Frank Michael Höfinger, Lausen Rechtsanwälte mbB, Residenzstraße 25, 80333 Munich, email:hoefinger@lausen.com , tel.: +49 89 24 20 96-0; fax: +49 89 24 20 96-10

2           Scope of this privacy policy

This privacy policy provides information on the processing of personal data pursuant to Articles 13 and 14 GDPR

  • prior to the conclusion of a contract (e.g. a client relationship);
  • when we conclude a contract with you, in the context of the contractual relationship (e.g. a client relationship), and subsequently; or
  • if you work fir one of our contractual partners (including clients), in the context of the contractual (client) relationship.

Regarding our website lausen.com and our profile on “LinkedIn” please see sections 7 and 8.

3           Subject matter of processing

3.1         Data that you provide when you contact us

When you contact us, we process the personal data that you provide (eg your name and contact details such as address, email address, telephone number) in order to process your enquiry or matter.

The legal basis is Article 6(1)(b) GDPR (steps prior to entering into a contract) if as your enquiry is aimed at possibly concluding a contract with us (including a client relationship), or otherwise the pursuit of legitimate interests (Article 6(1)(f) GDPR), ie answering questions about our firm and our services.

3.2         Contractual partners and clients

We collect the following data: title, name, company (if applicable), contact details such as address, telephone number, email address; information relevant to the decision to conclude a contract (the documents that you provide; information that we receive from third parties or obtain from public sources); and other information that you provide to us. In the context of a contractual relationship we also collect other necessary data such as identifiers for tax authorities and data that incurs in the course of the contractual relationship. If you work for one of our contractual partners (including clients), we also process such data where we have received it from the relevant body; see also section 3.3.

The purpose of processing this data is taking steps prior to entering into a contract and, in case we conclude a contract with you, the performance of the contract.

We process this data

  • to be able to identify you as our contractual partner (client);
  • to perform the contract, including invoicing.

In the case of client relationships, the performance of the contract includes, in particular,

  • advising you and representing you as a solicitor;
  • asserting or exercising claims or defending against claims;
  • corresponding with you and third parties (e.g. opposing parties, authorities, courts) on your behalf.

The legal basis is Article 6(1)(b) GDPR (pre-contractual measures or performance of a contract). Processing is necessary for the purposes mentioned. Without the processing of this data, we cannot conduct contract negotiations with you or conclude a contract.

Otherwise, the legal basis is Article 6 (1)(c) GDPR (fulfilment of a legal obligation to which we are subject) or Article 6 (1) (f) GDPR (protection of legitimate interests), see sections 3.8, 4.3 and 5.

3.3         Employee/freelancer of one of our contractual partners (including clients)

If you work for one of our contractual partners (including clients), we will process your data in correspondence with the relevant entity. The purposes mentioned in the section 3.2 then relate to the company for which you work.

The purpose of processing your data is the pursuit of legitimate interests (namely our interest and the interest of our contractual partner in the fulfilment of the contract; in the case of a client, in particular the assertion, exercise and defence of claims). The legal basis is Article 6(1)(f) GDPR.

3.4         Employees, trainees, interns, freelancers; applications

When you apply for a job, we collect the following data: title, name, address, telephone number, email address; Information required in the context of the application (CV, references, qualifications, answers to questions, your bank details for reimbursement of travel expenses, if applicable). In the context of an employment relationship, we also collect other necessary data such as identification numbers for tax authorities and social security institutions and data that incurs in the course of the employment relationship.

The purpose of processing this data is to handle your application or, if we hire you or employ you for training, to carry out the employment relationship or perform the contract. The legal basis is Section 26(1), first clause BDSG (processing for the purposes of the employment relationship, if this is necessary for the decision on the establishment, implementation or termination of an employment relationship). If there is no employment relationship, the legal basis is Article 6(1)(b) GDPR (taking steps prior to entering into a contract or performance of a contract).

The processing is necessary for the aforementioned purposes. Without the processing of this data, we cannot process your application or employ/commission you.

3.5         Recipients of personal data

3.5.1        In the context of applications

We treat your application confidentially.

Without your consent, we will disclose your data to third parties only in the following cases:

  • to the extent that this is necessary for the decision on the establishment of an employment relationship, in particular through enquiries with employers, training companies and references that you have provided. The legal basis in this case is Section 26 (1), first clause of the German Federal Data Protection Act.
  • to comply with a legal obligation, e.g. towards tax authorities. The legal basis in this case is Article 6(1)(c) GDPR.
  • to the extent that this is necessary for the pursuit of legitimate interests. Our legitimate interests include, in particular, the assertion, exercise and defence of legal claims. In this case, the legal basis is Article 6(1)(f) GDPR.

3.5.2        In the context of an employment relationship

Without your consent, we will only disclose your data to third parties in the following cases:

  • to the extent that this is necessary for the performance of the employment relationship, in particular the disclosure of your name and contact details to business partners and the transmission of data to social security institutions. In this case, the legal basis for processing is Section 26(1) sentence 1 BDSG.
  • to comply with a legal obligation, e.g. towards tax authorities. In this case the legal basis is Article 6(1)(c) GDPR.
  • to the extent that this is necessary for the pursuit of legitimate interests. Our legitimate interests include, in particular, the assertion, exercise or defence of legal claims. In this case, the legal basis is Article 6 (1) (f) GDPR.

3.6         Participation in events

3.6.1        Subject matter and purpose of processing

When you register for an event, we collect the following data: title, name, company (if applicable), position, contact details such as address, telephone number, email address, booked event; in the context of a contractual relationship, we also collect other necessary data such as identification numbers for tax authorities and data that incurs in the course of the contractual relationship.

We process your data for the purpose of preparing and conducting the event and for the necessary communication with you. The legal basis is Article 6(1)(b) GDPR. The processing is necessary for the purposes mentioned. Without the processing of this data, we cannot conduct contract negotiations with you or conclude a contract.

We process the aforementioned data for as long as is necessary for the performance of the contract. In addition, we will store your data only if this is necessary for the pursuit of legitimate interests, namely for direct marketing, in particular to inform you of similar future events (see 3.6), or if you give us your consent to do so.

3.6.2        Use of “guestoo”

If we do not collect the aforementioned data via a contact form on our website or in direct contact by email, we use the “guestoo” service provided by Code Piraten GmbH (https://www.guestoo.de/) for participant management (sending invitations and booking the event). Code Piraten GmbH processes this personal data on our behalf. We have concluded a data processing agreement with this service provider in accordance with Article 28 (3) GDPR.

When registering via “guestoo”, cookies are set as described in detail at https://www.guestoo.de/datenschutzerklaerung/. Cookies that are necessary for functionality are deleted after seven days. Cookies that record whether the cookie notice for “guestoo” has already been displayed to a user are deleted after twelve months. The use of cookies is based on our legitimate interest in providing a user-friendly service for participant management and using secure technical means. The legal basis is Article 6(1)(f) GDPR.

3.7         Photos/videos and recordings at events

If we take photographs or make video recordings at a face-to-face event or make an image and sound recording of an online event, we process such recordings either for the pursuit of legitimate interests (legal basis: Article 6(1)(f) GDPR)), namely for internal documentation and archiving of the event, or on the basis of the consent of the persons depicted (legal basis: Article 6(1)(a) GDPR).

We will always inform you in connection with a specific event about the purposes for which recordings are made and used, eg to make the recording of a webinar available to other interested parties. If necessary, we will obtain your consent for this, which you can withdraw at any time. Where we  process of recordings based on the pursuit of legitimate interests, you have the right to object (cf section 9).

3.8         Direct marketing

We process personal data for direct marketing where this is lawful without the consent of the addressees (e.g. advertising by post; if we have received the email address in connection with a paid contract, by email for similar services in accordance with Section 7(3) of the German Act against Unfair Competition). The purpose of processing your data is the pursuit of legitimate interests (our interest in promoting our services). The legal basis is Article 6(1)(f) GDPR. You may object to this processing at any time (cf section 9).

Otherwise, we only process your data for direct marketing purposes with your prior express consent (Section 7(2) of the German Act against Unfair Competition), eg if you subscribe to an email newsletter. You can withdraw such consent at any time (cf section 9),eg by unsubscribing from a newsletter using the unsubscribe link at the end of each email.

4           Recipients of personal data

We will disclose your personal data only if you have given your consent (in this case the legal basis is Article 6 (1)(a) GDPR)) or if there is another legal basis.

For recipients of personal data in the context of job applications and in the context of an employment relationship or freelance work, please see section 3.5 .

4.1         During contract negotiations

We treat the fact that we are in contract negotiations with you as confidential.

Without your consent, we will disclose your data to third parties only in the following cases:

  • to the extent that this is necessary for the decision on the conclusion of the contract, in the case of service providers in particular by making enquiries with former clients and the references you have provided. In this case the legal basis for processing is Article 6(1)(b) GDPR.
  • to comply with a legal obligation to which we are subject, e.g. towards tax authorities. In this case the legal basis is Article 6(1)(c) GDPR.
  • to the extent that this is necessary for the pursuit of legitimate interests. Our legitimate interests include, in particular, the assertion, exercise and defence of claims. In this case the legal basis is Article 6(1)(f) GDPR.

4.2         After conclusion of the contract for the performance of a contract

Without your consent, we will disclose your data only to the extent necessary for the performance of the contract, in particular the disclosure of your name and contact details to business partners; in the context of a client relationship also to the opposing party and other parties involved in the proceedings as well as their representatives, authorities and courts for the purpose of correspondence and the assertion, exercise and defence of your claims. In this case the legal basis for processing is Article 6(1)(b) GDPR.

4.3         Disclosure to third parties for other purposes

Besides the cases mentioned in the sections 4.1 and 4.2 , we will disclose your data to third parties without your consent only in the following cases:

  • to comply with a legal obligation, eg towards tax authorities. In this case the legal basis is Article 6 (1) (c) GDPR.
  • to the extent that this is necessary for the pursuit of legitimate interests. Our legitimate interests include, in particular, the assertion, exercise or defence of legal claims. In this case the legal basis is Article 6(1)(f) GDPR.

The above is without prejudice to the attorney-client privilege.

4.4         Processors

We have commissioned the following service provider which processes personal data on our behalf: MedienDeZign GmbH, Siedlerstraße 9, 82166 Gräfelfing (IT support). We have concluded a data processing agreement with MedienDeZign GmbH in accordance with Article 28(3) GDPR and a confidentiality agreement in accordance with § 43e of the German Professional Code for Lawyers.

5           Transfer of personal data to third countries

Under certain circumstances, we may transfer personal data to third countries, ie countries outside the territorial scope of application of the GDPR (= EU, Iceland, Liechtenstein, Norway), where this is permitted under Article 44 ff GDPR.

When transferring data to countries for which the European Commission has determined an adequate level of data protection, eg Switzerland or the United Kingdom, the transfer is in accordance with Article 45 GDPR on the basis of the relevant adequacy decision (see https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

When transferring data to other third countries, the transfer is in accordance with Article 46 subject to an appropriate safeguard. We agree the Standard Contractual Clauses (SCC) adopted by the European Commission with the recipient of the personal data; th SCC can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

In individual cases, we may rely on one of the derogations provided for in Article 49 GDPR to transfer your data to a third country even though there is no adequacy decision and no appropriate safeguard, eg if you have given your consent to the transfer to a third country, or if the transfer is necessary for the performance of a contract with you or for the assertion, exercise or defence of legal claims.

6           Duration of storage

We store your data for as long as is necessary to handle an enquiry (contractual negotiations) or to perform a contract. This does not apply to data that we are not yet permitted to delete – even after the end of the contractual (client) relationship – due to legal obligations, in particular due to the retention obligation for reference files (six years after the end of the calendar year in which the client relation was terminated) or the retention obligations under tax and commercial law (six years, or eight years for certain documents such as accounting vouchers), and data that is necessary for the pursuit of legitimate interests, for example to assert or defend claims (until the expiry of the limitation period for possible claims, ie as a rule three years after the end of the year in which a claim arose; in the case of claims under Section 15 of the German General Act on Equal Tretment, two months from the end of the application process).

7           Processing of personal data when visiting the lausen.com website

No cookies are used on the website.

When you visit our website, we collect the following data, which is recorded in log files:

  • IP address of the Internet connection from which the visit is made;
  • date and time of access;
  • operating system, browser and other information that your browser transmits to the web server in the HTTP header;
  • the information requested from the web server (ie website content).

The IP address is erased within seven days.

We use the collected data for statistical evaluations to analyse how our website is used. From such evaluations no conclusions relating to identifiable persons can be drawn.

If necessary, we also use the collected data to trace misuse.

The legal basis for this is the protection of legitimate interests pursuant to Article 6(1)(f) GDPR. Our legitimate interests include the improvement of our the website, and ensuring the security of computer systems and taking action in the event of a breach.

8           Data protection information regarding our profile on the “LinkedIn” platform

8.1         Joint controllership

The social network “LinkedIn” is provided by LinkedIn Ireland Unlimited Co., Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn).

When you use “LinkedIn”, LinkedIn processes your personal data as an independent controller. We have no insight into LinkedIn’s data processing and no influence over it. LinkedIn’s privacy policy can be found at https://de.linkedin.com/legal/privacy-policy.

When you visit our company’s profile on “LinkedIn”, we are “joint controllers” together with LinkedIn within the meaning of Article 26 GDPR in respect of the processing of your personal data that takes place in the context of this visit. We have entered into an agreement on joint controllership with LinkedIn in accordance with Article 26(1) GDPR, which you can view here: https://legal.linkedin.com/pages-joint-controller-addendum.

8.2         Applicability of the above information

With regard to the data protection responsibilities that we have to assume, the above information also applies, mutatis mutandis, to our profile on “LinkedIn”.

8.3         Subject matter, purpose, categories of personal data and legal basis for processing

8.3.1        Processing by us

We use “LinkedIn” for public relations, to market our services and to stay in contact with our business partners and clients. For this purpose, we process the personal data provided by users themselves on the platform (e.g. username, account content, comments).

The legal basis for this processing is the pursuit of legitimate interests (Article 6(1)(f) GDPR). It is in our legitimate interest to present our company and our services to interested parties on social networks. We do not disclose any personal data to third parties. The data will be deleted within the scope of the options provided to us by LinkedIn as soon as it is no longer required for the aforementioned purpose. You can always object to processing that is carried out for the pursuit of legitimate interests (cf Section 9).

8.3.2        Processing by LinkedIn

Please refer to LinkedIn’s privacy policy to find out which of your personal data is processed by LinkedIn when you visit the “LinkedIn” platform and when you visit our profile on the “LinkedIn” platform, on what legal basis this is done, whether this data is also processed in third countries and how long this data is stored by LinkedIn.

Please note that when you visit our “LinkedIn” profile, LinkedIn analyses user behaviour and generates reports (known as Insights). To do this, LinkedIn processes a selection of your personal data. The Insights provided to us by LinkedIn are aggregated and anonymised. They do not allow us to draw any conclusions relating to individual persons who have visited our “LinkedIn” profile.

We do not know how LinkedIn uses the data from visits to our “LinkedIn” profile for its own purposes, to what extent activities on our “LinkedIn” profile are linked to individual persons, how long LinkedIn stores this data, or whether data from visits to our “LinkedIn” profile is disclosed to third parties. In the agreement on joint controllership concluded with LinkedIn, LinkedIn, as the operator of the platfom, recognises joint controllership under data protection law with regard to Insights data and assumes the essential data protection obligations to inform data subjects, ensure data security and report data breaches. According to the agreement, LinkedIn is the primary point of contact for exercising data subjects’ rights. LinkedIn has direct control over the relevant information and can, for example, provide access to personal data.

9           Your rights

Subject to the respective legal requirements you have the following rights:

  • You have the right to withdraw your consent given to us at any time (Article 7(3) GDPR).
  • You have the right to obtain information about whether we process data relating to you and, if so, about the purposes of processing, etc. (Article 15(1) GDPR), as well as to obtain a copy of the data processed about you (Article 15(2) GDPR).
  • You have the right to request the rectification of inaccurate data (Article 16 GDPR).
  • You have the right to request the erasure (Article 17 GDPR) or restriction of processing (Article 18 GDPR) of data that is no longer necessary, unless one of the legal exceptions applies, eg if we are subject to a retention obligation.
  • You have the right to data portability (Article 20 GDPR), ie the right to receive the data you have provided to us in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without hindrance from us; where applicable, the right to request that we transfer the data directly to another controller, where technically feasible.

Right to object: You may object at any time, on grounds relating to your particular situation, to the processing of your data carried out for the pursuit of legitimate interests; you may object at any time to processing for direct marketing purposes (Article 21 GDPR).

To exercise your rights, please contact the above address.

If you believe that the processing of your data violates data protection laws, you have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority with local jurisdiction for us is: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 18, 91522 Ansbach, Germany (https://www.lda.bayern.de/).

 

Date of last update: 17 July 2024