Privacy policy

In connection with the business activities of our lawyers, auditors and tax advisors, we, Noerr Partnerschaftsgesellschaft mbB (Noerr PartGmbB), process the personal data of (potential) clients and the employees, representatives and/or advisors of our clients and their employees, opposing parties in legal proceedings and their employees, representatives and/or advisors of opposing parties in legal proceedings and their employees, witnesses, employees of insurers, experts and their employees, employees of courts and/or authorities, employees of the Noerr companies that cooperate with us and the Noerr notary’s offices, as well as the law firms, tax advisory and/or auditing firms outside the Noerr companies and the Noerr notary’s offices that cooperate with us and their employees.

At our law firm we also process the personal data of job applicants and participants in our talent management programme, our (potential) suppliers and their employees, users of our websites and our visitors.

The protection of personal data is important to us. We only process personal data in compliance with the applicable data protection requirements, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Name and contact details of the controller

Noerr Partnerschaftsgesellschaft mbB
Brienner Straße 28
80333 Munich
Germany
info@noerr.com
+49 89 286280

Name and contact details of the controller’s data protection officer

Korbinian Hartl c/o Noerr Partnerschaftsgesellschaft mbB
Brienner Straße 28
80333 Munich
Germany
Korbinian.hartl@noerr.com
+49 89 28628542

In connection with providing our online services, especially our website and services provided on the website, we process the personal data of users of our online services. We process the data of users of our online services in particular to provide those services.

More detailed information on this can be found in the sections that follow.

When the website is used purely for information purposes, the browser used on your end device sends certain information, for example your IP address, for technical reasons to our website’s server.

We process the data of users of our website for the following purposes:

  • Providing the website content requested by the user,
  • ensuring the security of the IT infrastructure used to provide the website,
  • providing cookie consent management for the website,
  • maintaining the user’s status for all page requests,
  • storing the user’s preferred language.

We use cookies (➔ Section C) to provide cookie consent management, to maintain the status of the website and to store the user’s preferred language. To ensure the security of the IT infrastructure used to provide the website, we also store this information temporarily in a “web server log file”.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

HTTP data.

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the website is visited:

These include IP address, type and version of your internet browser, operating system used, last site accessed before visiting the Website (referrer URL), date and time of visit.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide the requested website content.

We store the data in server log files in a form that allows your person to be identified for a maximum period of 7 days, unless any security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, we store the server log files until the security-relevant event has been eliminated and clarified in full.

Opt-in data.

Data which accrue for cookie consent management for this website:

These include consent and, where applicable, your individual selection for the use of cookies on your end device.

We use strictly necessary cookies for cookie consent management. More detailed information on the content of the cookies used can be found in Section C.III.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot take any cookie consents into account on this website.

The cookies used for cookie consent management are stored on your end device. Information on the validity period of the cookies used can be found in Section C.III.

Language selection data.

Data used to provide the language selection function:

These in particular include the language selected by you and data that is assigned to your end device when using the language selection function.

We use strictly necessary cookies for the language selection function. More detailed information on the content of the cookies used can be found in Section C.III.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, the language selection function cannot be provided.

The cookies used for the language selection function are stored on your end device. Information on the validity period of the cookies used can be found in Section C.III.

SessionID data.

Data stored on your end device and with us to maintain your status for all page requests (“ASP.NET SessionID data” and “JSESSIONID data”).

These include a randomly generated unique identification number as well as the display of the website content, in particular table lines in this Privacy Policy which are hidden and can be opened by you.

We use strictly necessary cookies to maintain status. More detailed information on the content of the cookies used can be found in Section C.III.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, status on the website cannot be maintained.

The cookies used for the session ID are stored on your end device. Information on the validity period of the cookies used can be found in Section C.III.

Purpose of processing the personal data

Categories of personal data processed

Automated decision making

Legal basis and any legitimate interests

Recipient

Providing website content

We process HTTP data temporarily on our web server in order to provide you with the website content you have accessed.

HTTP data

No automated decisions are made.

The legal basis is a balancing of interests (Article 6(1)(f) GDPR). Our legitimate interest is the provision of the website content accessed by you.

Netzkern AG

Bechtle AG

Security of the IT infrastructure

We process HTTP data temporarily in web server log files to ensure the security of the IT infrastructure used for the website, especially to detect and eliminate faults (such as DDoS attacks) and to document them with evidence.

HTTP data

No automated decisions are made.

The legal basis is a balancing of interests (Article 6(1)(f) GDPR). Our legitimate interest is to ensure the security of the IT infrastructure used for the provision of the website, in particular for fault detection, elimination and documentation with evidence (such as in the case of DDoS attacks).

Netzkern AG

Bechtle AG

Management of cookie consents

We process data from essential cookies (see Section C.III) temporarily on our web server in order to manage your cookie consents for this website. This allows us to determine whether you have already given your consent when you return to the website.

Opt-in data

No automated decisions are made.

The legal basis is a balancing of interests (Article 6(1)(f) GDPR). Our legitimate interest is to manage the cookie consents you have given for this website.

Netzkern AG

Bechtle AG

Retention of states for all page requests

We process data from essential cookies (see Section C.III) temporarily on our web server in order to maintain your status in all page requests. This relates in particular to rows in this privacy policy which are hidden and can be expanded by you.

Session ID data

No automated decisions are made.

The legal basis is a balancing of interests (Article 6(1)(f) GDPR). Our legitimate interest is to provide a user-friendly presentation of the website content you have accessed.

Netzkern AG

Bechtle AG

Saving the preferred language

We process data from essential cookies (see Section C.III) temporarily on our web server in order to save your language preferences.

Language selection data

No automated decisions are made.

The legal basis is a balancing of interests (Article 6(1)(f) GDPR). Our legitimate interest is to provide our website in the language you have selected.

Netzkern AG

Bechtle AG

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm, Germany

Processor

EU

-

Netzkern AG, Oberbergische Str. 63, 42285 Wuppertal, Germany

Processor

EU

-

To measure the web audience, we record visits to our website using “tracking pixels”. Tracking pixels are small graphics on websites that record a log file and allow a log file analysis of visits to the websites.

We process data of users of our website for the following purpose:

  • Measurement of web audience.

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Tracking pixel HTTP data.

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when the tracking pixels contained in our website are accessed:

Tracking pixels are small graphics on websites that allow recording of a log file and a log file analysis of visits to the websites.

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the website (referrer URL), date and time of the visit.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot carry out any measurement of the web audience.

An “IP anonymisation” is activated on this website for the use of tracking pixels. This means that the IP address transmitted by your browser for technical reasons is anonymised before storage by being shortened (by deleting the last octet of the IP address).

This means that we do not store the other protocol data in a form allowing your person to be identified either.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Measurement of the web audience

For this we record the visits to our website using “tracking pixels” and analyse the data in anonymised form.

Tracking pixel HTTP data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the measurement of the web audience.

etracker GmbH.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

etracker

etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

Processor.

EU.

-

If you have given your consent to this, we use web analysis technologies to record and analyse your usage behaviour on our website.

We process data of users of our website for the following purposes:

  • To improve the website and better achieve the website’s objectives,
  • to assign the users of our website to a specific company.

We use cookies for these purposes. (➔ Section C)

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

etracker Analytics

etracker Analytics HTTP data.

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool etracker Analytics used on the website is used:

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, no web analysis using etracker Analytics can be carried out.

An “IP anonymisation” is activated on this website for the use of the web analysis tool etracker Analytics. This means that the IP address transmitted by your browser for technical reasons is anonymised before storage by being shortened (by deleting the last octet of the IP address).

We store these data until the purposes of processing these data specified below have been achieved.

etracker Analytics end device data.

Data that etracker assigns to your end device:

These include a unique ID to (re)identify returning visitors.

We use cookies for etracker Analytics. More detailed information on the content of the cookies used can be found in Section C.III.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, no web analysis using etracker Analytics can be carried out.

We only process these temporarily for the period of time during which you visit the website.

The cookies used for etracker Analytics are stored on your end device. Information on the validity period of the cookies used can be found in Section C.III.

etracker Analytics profile data.

Data generated by etracker Analytics and stored in pseudonymous user profiles:

These include information about your use of the website, in particular page impressions, frequency of impressions and time spent on the pages visited assigned to the unique visitor ID of the individual visitor contained in the etracker Analytics end device data.

Generated automatically.

-

We store these data until the purposes of processing these data specified below have been achieved.

Albacross Nordic AB

Albacross HTTP data.

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the web analysis tool Albacross used on the website is used.

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the site (referrer URL), date and time of the visit.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, no web analysis using Albacross can be carried out.

We store these data until the purposes of processing these data specified below have been achieved.

Albacross end device data.

Data that Albacross assigns to your end device:

These include a unique ID to (re)identify returning visitors.

We use cookies for Albacross. More detailed information on the content of the cookies used can be found in Section C.III.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, no web analysis using Albacross can be carried out.

We only process these temporarily for the period of time during which you visit the website.

The cookies used for Albacross are stored on your end device. Information on the validity period of the cookies used can be found in Section C.III.

Albacross profile data.

Data generated by Albacross and stored in pseudonymous user profiles:

These include information about your use of the website, in particular page impressions, frequency of impressions and time spent on the pages visited assigned to the unique visitor ID of the individual visitor contained in the Albacross end device data.

Generated automatically.

For the allocation of an IP address to a specific company: Albacross Nordic AB.

-

We store these data until the purposes of processing these data specified below have been achieved.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

etracker Analytics

To improve the website and better achieve the objectives of the website (e.g. increase in number of page impressions):

We record the use of our website and analyse it in pseudonymised form. We mark users of the website in pseudonymised form so that they can be recognised again on the website. We create pseudonymised usage profiles from this information. The pseudonymised usage profiles are not combined with data regarding the bearer of the pseudonym.

The objective of this process is to examine where users come from, which areas of the website they visit and how often and how long which subpages and categories are looked at.

For this we use the web analysis tool etracker Analytics offered by etracker.

We also process data from cookies temporarily on our web server. More detailed information on the content and purposes of the cookies used can be found in Section C.III.

etracker Analytics HTTP data,

etracker Analytics end device data,

etracker Analytics profile data.

No automated decision-making takes place.

The legal basis is your consent (point (a) of Article 6(1) GDPR).

etracker GmbH.

Albacross Nordic AB

To improve the website and better achieve the objectives of the website (e.g. lead generation):

We record your IP address and information that allows us to differentiate between different users from the same IP address. If the IP address is a fixed IP address assigned to a specific company, we can assign the user to this company based on the IP address.

The objective of this process is to find out which companies are interested in our website.

For this we use the web analysis tool of Albacross.

We also process data from cookies temporarily on our web server. More detailed information on the content and purposes of the cookies used can be found in Section C.III.

Albacross HTTP data,

Albacross end device data,

Albacross profile data.

No automated decision-making takes place.

The legal basis is your consent (point (a) of Article 6(1) GDPR).

Albacross Nordic AB.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

etracker Analytics

etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

Processor.

EU.

-

Albacross

Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden.

Processor.

EU.

-

We offer you the possibility on the website to register for our personalised e-mail newsletter (“Noerr_Insights”). With Noerr_Insights we inform you expertly by e-mail about legal issues that are relevant for you. You can in this respect select the areas of law that interest you and thus compile the issues addressed in your Noerr_Insights yourself. We collect certain information, for example your e-mail address, when you register for the Noerr_Insights and when you access the newsletter. You can unsubscribe from Noerr_Insights at any time, for example by using the link at the bottom of each newsletter. Alternatively, you can also send your unsubscription request at any time by e-mail to datenschutz@noerr.com.

In order to provide you with the subscription/unsubscription form for our newsletter on our website, we use cookies on the Website (see Section C) with which we process personal data.

We process data of our newsletter subscribers for the following purposes:

  • Sending of Noerr_Insights, invitations to events and information on special occasions. The optionally provided information is used to personalise Noerr_Insights and for the targeted selection of relevant information,
  • providing the form for subscribing and unsubscribing from our newsletter on the website,
  • “double opt-in” procedure to confirm the subscriber,
  • storing and processing for evidence purposes for any establishment, exercise or defence of legal claims,
  • analysis of the usage behaviour of newsletter subscribers in our newsletter and creation of usage profiles using pseudonyms for the purpose of personalising the newsletter.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Registration data.

Data we collect during the registration for the newsletter:

These include e-mail address (required), title, first name, last name (voluntary).

Newsletter subscribers.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide any newsletters.

We store these data as long as you are registered for our newsletter.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded.

HTTP data.

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) (“HTTP Data”) for technical reasons when the subscription and unsubscription form for our newsletter is accessed on our website:

These include IP address, type and version of your internet browser, operating system used, site accessed before visiting the Website (referrer URL), date and time of the visit.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide the requested website content.

We store these data for 7 days, unless any security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, we store the data until the security-relevant event has been eliminated and clarified in full.

Subscription and unsubscription data.

Protocol data which accrue for technical reasons during subscription and unsubscription of the newsletter:

These include date and time of subscription to newsletter, date and time when registration notification is sent in double opt-in procedure, date and time of confirmation of registration in the double opt-in procedure as well as IP address of the end device used for the confirmation, date and time of any unsubscription from newsletter.

Newsletter subscribers.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide any newsletters.

We store these data as long as you are registered for our newsletter.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribed and in the event of any legal disputes until such have been concluded.

Tracking pixel data.

Protocol data accrued via the Hypertext Transfer Protocol (Secure) (HTTP(S)) when the tracking pixels contained in our newsletter are accessed:

Tracking pixels are small graphics in HTML e-mails that allow recording of a log file and a log file analysis of access to the e-mails.

These include IP address, type and version of your internet browser, operating system used, page accessed, site accessed before visiting the Website (referrer URL), date and time of the visit.

Newsletter subscribers.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot carry out any analysis of newsletter usage behaviour.

We store these data as long as you are registered for our newsletter.

Usage profile data.

Data in usage profiles that we create by analysing usage behaviour regarding the newsletter using pseudonyms:

These include data about the use of the newsletter, in particular, access, access frequency and time spent in accessed newsletters.

Generated automatically.

-

We store these data as long as you are registered for our newsletter.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Dispatch of Noerr_Insights

We process data in order to send you Noerr_Insights, invitations to events and information about special occasions. By allowing you to optionally specify information, we enable you to personalise Noerr_Insights and process this data for the targeted selection of relevant information. We use the title and your name specified during registration to address you personally in our newsletter.

Registration data,

subscription and unsubscription data.

No automated decision-making takes place.

The legal basis is your consent (point (a) of Article 6 (1) GDPR).

If you download a whitepaper offered for download by us and subscribe to our newsletter in return when entering into the contract, the legal basis for mailing our newsletters is performance of the contract (point (b) of Article 6 paragraph 1 GDPR). In cases where we ask to use your data in return for the download, we state this clearly in the terms and conditions of participation for conclusion of the contract.

Inxmail GmbH.

Provision of the newsletter subscription/unsubscription form on our website.

For this we process HTTP data temporarily on our web server.

For this we also process data from strictly necessary cookies temporarily on our web server. More detailed information on the content and purposes of the cookies used can be found in Section C.III.

HTTP data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is provision of the website content requested by you.

Bechtle AG.

“Double opt-in” procedure to confirm the subscription.

For this we send an e-mail message requesting confirmation to the e-mail address given by you when registering for the newsletter. Any subscription first becomes effective when the subscriber has confirmed the e-mail address by accessing the confirmation link in the e-mail.

Registration data,

subscription and unsubscription data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the legally secure documentation of your consent to receiving the newsletter.

Inxmail GmbH.

Evidential purposes

We process and store data for evidence purposes, for example for any establishment, exercise or defence of legal claims.

Registration data,

subscription and unsubscription data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the establishment, exercise and defence of legal claims.

Inxmail GmbH.

Analysis

We process and store data to analyse your behaviour in our newsletter as a newsletter subscriber and create pseudonymised usage profiles to personalise the newsletter.

Registration data,

subscription and unsubscription data,

tracking pixel data,

usage profile data.

No automated decision-making takes place.

The legal basis is your consent (point (a) of Article 6 paragraph 1 GDPR).

Inxmail GmbH.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

Inxmail

Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany.

Processor.

EU.

-

Bechtle

Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm, Germany.

Processor.

EU.

-

Webinars are online presentations or events with a speaker who gives a live speech. Using Noerr webinars (webinare.noerr.com) requires registration as a member. Your name, your valid e-mail address and a password are required to register as a member. We store the password specified by you in encrypted form. To inform other members about yourself you can describe yourself in more detail by providing more data in your member profile. Under Settings -> Privacy in your member account you can, however, determine which persons can access your member profile to what extent. Your address, telephone number, e-mail address and bank details are not shown in your member profile.

We process the data of webinar participants for the following purposes:

  • Providing and streaming webinars after registration in the registered user area,
  • providing the subscription and unsubscription form for our webinars on the website,
  • “double opt-in” procedure to confirm subscription,
  • storing webinars for replay,
  • storing and processing for evidence purposes for any establishment, exercise and defence of legal claims,
  • analysing usage behaviour of webinar participants in the registered area and creation of usage profiles using pseudonyms.

We use cookies (see Section C) on the website to provide you with the form for subscribing/unsubscribing to our webinars on our website.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Registration data.

Data that we collect during registration:

These include e-mail address, title, first name, last name, password.

Webinar users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, it is not possible to participate in the webinars.

We store these data as long as you are registered for our webinars.

We in addition store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribe and in the event of any legal disputes until such have been concluded.

HTTP data.

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the subscription/unsubscription form for webinars is accessed:

These include IP address, type and version of your Internet browser, operating system used, page accessed, site accessed before visiting the Website (referrer URL), date and time of the visit.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide the requested website content.

We store these data for 7 days, unless any security-relevant event occurs (e.g. a DDoS attack).

If there is a security-relevant event, we store the data until the security-relevant event has been eliminated and clarified in full.

Webinar form cookie data.

Data stored on your end device in cookies (see Section C.III.) strictly necessary to provide the subscription/unsubscription form for our webinars.

Website users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide the requested website content.

We store these data for the duration of a session.

Subscription and unsubscription data.

Protocol data which accrue for technical reasons during webinar subscription/unsubscription:

These include date and time of subscription, date and time subscription message is sent, date and time of subscription confirmation as well as IP address of device used for confirmation, date and time of any unsubscription.

Webinar users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, we cannot provide the webinar functions.

We store these data as long as you are registered for our webinars.

In addition, we store these data for evidence purposes for the establishment, exercise or defence of any legal claims for an interim period of three years commencing at the end of the year in which you unsubscribe and, in the event of any legal disputes, until such have been concluded.

Usage profile data.

Data in usage profiles which we create by analysing your usage behaviour when participating in webinars using pseudonyms:

These include data on the use of the webinar functions, in particular access, access frequency and time spent using function.

Generated automatically.

-

We only store these data as long as you are registered for our webinars.

Content of accessed webinars.

Recordings of webinars:

These include questions asked publicly by webinar participants.

Webinar users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

We store these data until the purposes of processing these data specified below have been achieved.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Providing website content

We process data in order to provide and stream webinars after registration in the registered user area.

Registration data,

subscription and unsubscription data,

content of webinars accessed.

No automated decision-making takes place.

The legal basis is the performance of a contract to which you are party (point (b) of Article 6 paragraph 1 GDPR).

edudip GmbH.

Provision of forms

We provide the subscription/unsubscription form for our webinars on the website.

For this we process HTTP data temporarily on our web server.

Data from strictly necessary cookies (see Section C.) are processed temporarily on our web server to provide the subscription/unsubscription form for our webinars on the website.

HTTP data,

webinar form cookie data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the website content requested by you.

edudip GmbH.

“Double opt-in” procedure to confirm subscription

For this we send an e-mail message requesting confirmation to the e-mail address given by you when subscribing for webinars.

Subscription and unsubscription data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the legally secure documentation of your registration for our webinars.

edudip GmbH.

Playing the webinars again

We store the webinars so that we can replay them.

Content of the accessed webinars.

No automated decision-making takes place.

The legal basis is your consent (point (a) of Article 6(1) GDPR).

edudip GmbH.

Evidential purposes

We store and process data for evidence purposes for any establishment, exercise or defence of legal claims.

Subscription and unsubscription data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the establishment, exercise and defence of legal claims.

edudip GmbH.

Analysis

We analyse your usage behaviour as a webinar participant in the registered area and create usage profiles using pseudonyms.

Subscription and unsubscription data,

tracking pixel data,

usage profile data.

No automated decision-making takes place.

The legal basis is your consent (point (a) of Article 6 paragraph 1 GDPR).

edudip GmbH.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

edudip GmbH

edudip GmbH, Jülicher Straße 306, 52070 Aachen, Germany.

Processor.

EU.

-

We offer you the possibility on the website to apply for a job with us using a contact form (“Job Applicant Platform”).

We process personal data of our job applicants for the following purposes:

  • To provide the Job Applicant Platform content requested by the user,
  • to accept job applications.

Please see Section B “Applicants” for information on the conducting of the application process, in particular reviewing applications, contacting the applicant and conducting interviews to evaluate and select suitable applicants.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

HTTP data.

Protocol data which accrue via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when the platform is accessed:

These include IP address, type and version of your Internet browser, operating system used, page accessed, site accessed before visiting the Website (referrer URL), date and time of the visit.

Platform users.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, it is not possible to use the Job Applicant Platform.

We store the HTTP data in server log files in a form that allows you to be identified for a maximum of 7 days, unless any security-relevant event occurs (e.g. a DDoS attack).

If a security-relevant event occurs, we store the server log files until the security-relevant event has been eliminated and clarified in full.

Master data.

Data which you specify yourself:

These include mandatory information (title, first name, last name) and, optionally, date of birth.

Job applicants.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, however, it may not be possible to conduct the application process and, where applicable, to hire an applicant.

If an application is successful, we transfer the data to the personnel file and store the data beyond the period of the application process in accordance with the applicable statutory provisions.

If you withdraw your application, the application is unsuccessful or you delete your applicant profile, we store the data beyond the period of the application process for an additional six months.

Contact data.

Data which you specify yourself.

These include the mandatory entry of the private e-mail address.

Job applicants.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, however, it may not be possible to conduct the application process and, where applicable, to hire an applicant.

If an application is successful, we transfer the data to the personnel file and store the data beyond the period of the application process in accordance with the applicable statutory provisions.

If you withdraw your application, the application is unsuccessful or you delete your applicant profile, we store the data beyond the period of the application process for an additional six months.

Application data.

Data that you specify yourself:

These include optional information (e.g. profile picture and other documents such as CV, covering letter, complete application, certificates and references).

Job applicants.

The provision of the data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract. You are not obliged to provide the data.

If the data are not provided, however, it may not be possible to conduct the application process and, where applicable, to hire an applicant.

If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees.

If an applicant participates in our talent management programme, the data are stored after completion of the application process for the duration of participation in the talent management programme.

Otherwise the data will be stored for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Provision of content

We process data in order to provide the job applicant platform content requested by you.

HTTP data.

No automated decision-making takes place.

The legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 GDPR). Our legitimate interest is the provision of the platform content requested by you.

Bechtle AG,

Persis GmbH.

Provision of forms

We process data in order to provide the form for the acceptance of application documents by us.

Master data,

contact data,

application data.

No automated decision-making takes place.

The legal basis is taking steps prior to entering into a contract (point (b) of Article 6 paragraph 1 GDPR).

Persis GmbH.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

Persis

Persis GmbH, Theodor-Heuss-Straße 5, 89518 Heidenheim an der Brenz, Germany.

Processor.

EU.

-

Bechtle

Bechtle AG, Bechtle Platz 1, 74172 Neckarsulm, Germany.

Processor.

EU.

-

In connection with the business activities of our lawyers, auditors and tax advisors, we, Noerr PartGmbB process the personal data of (potential) clients and their employees, representatives and/or advisors of our clients and their employees, opposing parties in legal proceedings and their employees, representatives and/or advisors of opposing parties in legal proceedings and their employees, witnesses, employees of insurers, experts and their employees, employees of courts and/or authorities, employees of the Noerr companies that cooperate with us and the Noerr notary’s offices, as well as the law firms, tax advisory and/or auditing firms outside the Noerr companies and the Noerr notary’s offices that cooperate with us and their employees for the following purposes:

  • Identification of our (potential) clients, their economic beneficiary, the persons acting for them and their authorisation before or upon establishing the client relationship and carrying out a comparison with sanctions lists,
  • conflict check to avoid conflicts of interests before establishing the client relationship,
  • preparation of the client relationship in particular for pre-contractual correspondence to prepare offers and cost estimates,
  • advising and representing our clients appropriately in connection with the engagement, in particular to exercise and defend the rights of our clients, including correspondence with our clients, opposing parties in legal proceedings and their representatives, witnesses as well as with courts and/or authorities,
  • sending correspondence and other items on behalf of our clients in connection with engagements,
  • disbursement, receipt or forwarding of third-party funds on behalf of our clients in connection with engagements,
  • translations on behalf of our clients in connection with engagements,
  • proper internal administration, including maintaining reference files and the operation of IT systems for administrative purposes,
  • proper accounting and invoicing,
  • proper retention of documents in order to meet statutory, professional, anti-money laundering, commercial and tax law retention obligations and for evidence purposes for any establishment, exercise or defence of legal claims,
  • settlement of any existing liability claims and the exercise of any claims against our clients,
  • cooperation with courts and/or authorities in order to comply with statutory obligations,
  • liaison with external auditors and tax advisors in order to comply with statutory obligations,
  • client relationship management and the alignment of our advisory services with the needs and wishes of our (potential) clients,
  • naming of references for rankings and analyses by press publishers and analysts.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Identification data.

Information that we receive to identify our (potential) clients, their economic beneficiaries, the persons acting for them and their authorisation.

This includes data from copies of personal identity cards and data from commercial register excerpts.

(Potential) clients,

courts and/or authorities,

other Noerr companies and Noerr notary’s offices,

cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies.

The provision of these data is required by law.

If these data are not provided, the identification required by law may not be possible.

We store the data until the retention obligation under anti-money laundering law ends, i.e. for a period of five years after the end of the calendar year in which the business relationship was ended or the information was identified (sec. 8(4) German Anti-Money Laundering Act (Geldwäschegesetz – GWG)).

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contact data.

Information that we receive for contacting and corresponding with our contacts.

These contacts include (potential) clients and the employees, representatives and/or advisors of our clients and their employees, opposing parties in legal proceedings and their employees, representatives and/or advisors of opposing parties in legal proceedings and their employees, witnesses, employees of insurers, experts and their employees, employees of courts and/or authorities, as well as employees of other Noerr companies and Noerr notary’s offices and cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies and the Noerr notary’s offices.

This information includes salutation, title, first name, surname, e-mail address, address, fax number, telephone number and position/function of the individual contact.

(Potential) clients, representatives and/or advisors of our clients,

Opposing parties in legal proceedings, representatives and/or advisors of opposing parties in legal proceedings,

witnesses,

insurers,

experts,

courts and/or authorities,

other Noerr companies and Noerr notary’s offices,

cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies.

The provision of these data is not required by law or contract.

The provision of the client’s contact data is required for the conclusion of an engagement agreement.

The provision of the contact data of employees of our clients, representatives and/or advisors of our clients and their employees, opposing parties in legal proceedings and their employees, representatives and/or advisors of opposing parties in legal proceedings and their employees, witnesses, employees of insurers, experts and their employees, employees of courts and/or authorities as well as advisors and/or employees of other Noerr companies or cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies may also be necessary in order to advise and represent our clients.

If these data are not provided, it may not be possible to process the engagement.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Client data.1

Information that we receive from our clients, representatives and/or advisors of our clients, opposing parties in legal proceedings, representatives and/or advisors of opposing parties in legal proceedings, witnesses, insurers, experts, courts and/or authorities in order to advise and represent our clients in connection with the engagement.

This in particular includes the content of documents provided to us in connection with the engagement (as far as it relates to identified or identifiable natural persons).

This also includes bank details (IBAN, BIC, bank, account holder) for the disbursement of third-party funds.

Clients, representatives and/or advisors of our clients,

opposing parties in legal proceedings, representatives and/or advisors of opposing parties in legal proceedings,

witnesses,

insurers,

experts,

courts and/or authorities.

The provision of these data is not required by law or contract.

Provision may, however, be necessary to advise and represent our clients.

If these data are not provided, it may not be possible to process the engagement.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Client data.2

Information that we receive from our clients, representatives and/or advisors of our clients, opposing parties in legal proceedings, representatives and/or advisors of opposing parties in legal proceedings, witnesses, insurers, experts, courts and/or authorities in order to disburse third-party funds in connection with the engagement.

This includes bank details (IBAN, BIC, bank, account holder).

Clients, representatives and/or advisors of our clients,

opposing parties in legal proceedings, representatives and/or advisors of opposing parties in legal proceedings,

witnesses,

insurers,

experts,

courts and/or authorities.

The provision of these data is not required by law or contract.

Provision may, however, be necessary to advise and represent our clients.

If these data are not provided, it may not be possible to disburse third-party funds.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Client data.3

Data generated in connection with correspondence with our clients, representatives and/or advisors of our clients, opposing parties in legal proceedings, representatives and advisors of opposing parties in legal proceedings, witnesses, insurers, experts, courts and/or authorities, other Noerr companies and Noerr notary’s offices or cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies.

These in particular include the content of oral and written (including electronic) correspondence and protocol data generated for technical reasons in the case of electronic correspondence (as far as it relates to identified or identifiable natural persons).

Clients, representatives and/or advisors of our clients,

opposing parties in legal proceedings, representatives and/or advisors of opposing parties in legal proceedings,

witnesses,

insurers,

experts,

courts and/or authorities,

other Noerr companies and Noerr notary’s offices,

cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies.

The provision of these data is not required by law or contract.

Provision may, however, be necessary to advise and represent our clients.

If these data are not provided, it may not be possible to process the engagement.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Client data.4

Information that we generate in-house to advise and represent our clients as part of the engagement.

This in particular includes client identification numbers, file numbers, contents of notes to file, memoranda, expert opinions, pleadings and other documented results of our advice and representation as part of the engagement (as far as they relate to identified or identifiable natural persons).

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Billing data.1

Data that we receive from our clients for billing purposes as part of the engagement.

These in particular also include the VAT identification number.

Clients.

The provision of these data is required by law.

If these data are not provided, proper billing is not possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Billing data.2

Data that we generate in-house for billing purposes as part of the engagement.

These in particular include accounts receivable numbers, invoice numbers, file numbers, content of internal time recording, activity reports, details of any expenses and data relating to payment transactions, in particular date and amounts paid.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Identification of our (potential) clients, their economic beneficiaries, the persons acting for them and their authorisation before or upon establishing the client relationship.

We carry out the identification in coordination with the other Noerr companies and Noerr notary’s offices in order to avoid the renewed identification by other companies of clients already identified.

Identification data.

No automated decision-making takes place.

The legal basis for the identification is compliance with a legal obligation, in particular the German Anti-Money Laundering Act (Geldwäschebekämpfungsgesetzes- GWG) (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation) and a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is knowing who our contractual partner is.

The legal basis for the coordination with the other Noerr companies and Noerr notary’s offices is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is to fulfil identification obligations as efficiently as possible within the Noerr companies and the Noerr notary’s offices.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices.

Comparison with sanctions lists before the client relationship is established.

Contact data.

No automated decision-making takes place.

The legal basis for the conflict check is compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

-

Conflict check to avoid conflicts of interest before establishing the client relationship.

We carry out the conflict check in coordination with the other Noerr companies and Noerr notary’s offices in order to avoid any conflicts of interest within the Noerr companies and Noerr notary’s offices.

Contact data,

client data.

No automated decision-making takes place.

The legal basis for the conflict check is compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation) and balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the avoidance of conflicts of interest.

The legal basis for the coordination with the other Noerr offices and Noerr notary’s offices is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the best-possible avoidance of conflicts of interest within the Noerr companies and the Noerr notary’s offices.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices.

Preparation of the client relationship, in particular pre-contractual correspondence for the preparation of offers and cost estimates.

Depending on the engagement, coordination with other Noerr companies and/or law firms, tax advisory and/or auditing firms outside the Noerr companies may be necessary in the individual case. This can for example be the case if an engagement requires advice services of local counsel in other jurisdictions.

Depending on the engagement, coordination may also be required in the individual case with representatives and/or advisors of the client or insurers of the client for the preparation of the engagement.

Contact data,

client data.

No automated decision-making takes place.

If the data subject is our client, the legal basis is taking steps at the request of the data subject prior to entering into a contract (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our client, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is taking steps at the request of our potential client prior to entering into a contract.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies,

representatives and/or advisors of the client,

insurers.

Advising and representing clients appropriately in connection with engagements, in particular exercising and defending the rights of our clients, including correspondence with our clients, opposing parties in legal proceedings and representatives of opposing parties in legal proceedings, witnesses, insurers, experts and/or service providers, courts and/or authorities.

Depending on the engagement, coordination with other Noerr companies and/or law firms, tax advisory and/or auditing firms outside the Noerr companies may be necessary in the individual case. This can for example be the case if an engagement requires advice services of local counsel in other jurisdictions.

Contact data,

client data.

No automated decision-making takes place.

If the data subject is our client, the legal basis is the performance of a contract, to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our client, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our client.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices,

cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies,

clients,

representatives and/or advisors of clients,

opposing parties in legal proceedings,

representatives and/or advisors of opposing parties in legal proceedings,

witnesses,

insurers,

experts and/or other service providers,

courts and/or authorities.

Sending of correspondence or other items on behalf of our clients in connection with engagements.

To send correspondence and other items, we communicate the address details of the sender and the recipient to the relevant shipping/courier services provider.

Contact data.

No automated decision-making takes place.

If the data subject is our client, the legal basis is the performance of a contract, to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our client, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our client.

Shipping/courier service providers.

Disbursement, receipt or forwarding of third-party funds on behalf of our clients in connection with engagements.

Contact data,

client data.

No automated decision-making takes place.

If the data subject is our client, the legal basis is the performance of a contract, to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our client, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our client.

Clients,

representatives and/or advisors of clients,

opposing parties in legal proceedings,

representatives and/or advisors of opposing parties in legal proceedings,

courts and/or authorities,

banks,

IT service providers.

Translations on behalf of our clients in connection with engagements.

Depending on the engagement, coordination with other Noerr companies and Noerr notary’s offices and/or law firms, tax advisory and/or auditing firms outside the Noerr companies and Noerr notary’s offices may be necessary in the individual case. This can for example be the case if a client requires a translation or the legal review of a translation by local counsel in other jurisdictions.

Contact data,

client data.

No automated decision-making takes place.

If the data subject is our client, the legal basis is the performance of a contract, to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our client, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our client.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices.

Proper internal law firm administration, including the maintenance of reference files and operation of IT systems for administrative purposes.

We carry out internal administration in coordination with the other Noerr companies and Noerr notary’s offices to ensure that internal administration is as efficient as possible.

We use specialist service providers for the operation of our IT that process that data on our behalf.

Contact data,

client data,

billing data.

No automated decision-making takes place.

The legal basis is on the one hand compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation), in particular compliance with professional ethics obligations for the proper maintenance of reference files.

The legal basis is also a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is proper internal administration.

The legal basis for the coordination with the other Noerr companies and the Noerr notary’s offices is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is ensuring that internal administration within the Noerr companies and Noerr notary’s offices is as efficient as possible.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices,

IT service providers.

Proper accounting and invoicing.

Contact data,

billing data.

No automated decision-making takes place.

The legal basis is on the one hand compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation), in particular compliance with statutory requirements for proper accounting.

If the data subject is our client, the legal basis for the invoicing is the performance of a contract to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our client, the legal basis for the invoicing is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our client.

Payroll and financial accounting service providers.

Proper retention of documents in order to comply with statutory, professional, anti-money laundering, commercial and tax law retention obligations and for evidence purposes for any establishment, exercise or defence of legal claims.

Depending on the type of documents, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contact data,

client data,

billing data.

No automated decision-making takes place.

The legal basis for retention to comply with statutory retention obligations, in particular those under professional ethics, anti-money laundering, commercial and tax law, is compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

The legal basis of retention for evidence purposes is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

-

Settlement of any existing liability claims and the exercise of any claims against our clients.

Contact data,

client data,

billing data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise and defence of legal claims.

Clients,

representatives and/or advisors of clients,

opposing parties in legal proceedings,

representatives and/or advisors of opposing parties in legal proceedings,

witnesses,

insurers,

courts and/or authorities.

Cooperation with courts and/or authorities in order to fulfil statutory obligations.

Contact data,

client data,

billing data.

No automated decision-making takes place.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

Courts and/or authorities.

Liaison with auditors and tax advisors in order to comply with statutory obligations.

Contact data,

client data,

billing data.

No automated decision-making takes place.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

External auditors,

External tax advisors.

Client relationship management and the alignment of our advisory services with the needs and wishes of our (potential) clients, including making contact to inform our (potential) clients, inviting our (potential) clients to law firm events and maintaining the relationships with our (potential) clients.

We coordinate in this respect with the other Noerr companies in order to ensure that client relationship management within the Noerr companies is as efficient as possible.

For client relationship management we use specialised IT service providers that process data on our behalf.

Contact data.

No automated decision-making takes place.

If the data subject has given their individual consent in this respect, the legal basis for the maintenance of our relationship is the individual consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation).

The legal basis is in addition a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is maintaining the relationships with our (potential) clients and the alignment of our advisory services with the needs and wishes of our (potential) clients.

The legal basis for coordination with the other Noerr companies is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is ensuring that client relationship management within the Noerr companies is as efficient as possible.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

IT service providers.

Naming of references for ranking and analyses by press publishers and analysts.

Contact data.

No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation).

Press publishers and market analysts.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

Dependent branches of Noerr PartGmbB outside the EU:

  • Office of Noerr PartGmbB in New York, USA
  • Office of Noerr PartGmbB in London, UK

Part of controller.

USA and UK.

No applicable adequacy decision of the EU within the meaning of Article 45 paragraph 3 of the General Data Protection Regulation exists.

However, the General Data Protection Regulation applies directly to our dependent branches in the USA and UK in any case, so that an appropriate level of data protection exists.

We also guarantee that for transfers to our dependent branches we comply with the obligations under the EU standard contractual clauses in accordance with Article 46 paragraph 5 of the General Data Protection Regulation that were adopted under Article 26 paragraph 4 of the previous Data Protection Directive (Directive 95/46/EC). A copy of the standard contractual clauses can be obtained from our Data Protection Officer (see contact details in Section A).

Noerr companies in Germany:

  • NOERR Aktiengesellschaft Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft (NOERR AG)
  • Noerr Consulting GmbH & Co. KG

Controller.

Within the EU.

-

Noerr companies in Spain:

  • Noerr Alicante IP, S.L.

Controller.

Within the EU.

-

Noerr notary’s offices:

  • Notary’s office Berlin (Dr Astrid Frense, Dr Dirk Lentfer, Felix Blobel, Dr Clemens Schönemann)
  • Notary’s office Frankfurt (Dr Thorsten Reinhard, Dr Alexander Jänecke, Dr Julian Lemor)

Controller.

Within the EU.

-

Cooperating law firms, tax advisory and/or auditing firms outside the Noerr companies, in particular partners of the Lex Mundi network.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Clients.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Representatives and/or advisors of clients.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Insurers.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Opposing parties in legal proceedings,

representatives and/or advisors of opposing parties in legal proceedings.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Witnesses.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Experts and/or other service providers.

Controller or processor.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Courts and/or authorities.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

External auditors.

Controller.

Within the EU.

-

External tax advisors.

Controller.

Within the EU.

-

Shipping/courier service providers.

Controller.

Depends on engagement; can be within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to perform the contract with our client or to take steps at the request of our client prior to entering into the contract (point (b) or (c) of Article 49 paragraph 1 of the General Data Protection Regulation) and/or to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Press publishers and market analysts.

Controller.

Depending on the location of the relevant press publisher or market analyst either within or outside the EU.

We only transfer personal data to third countries to the extent that the data subject has given their express consent to the proposed data transfer (point (a) of Article 49 paragraph 1 of the General Data Protection Regulation).

IT service providers.

Processor.

Within the EU.

-

Banks.

Controller.

Within the EU.

-

Payroll and financial accounting service providers.

Processor.

Within the EU.

-

At our law firm we process personal data of persons who apply for jobs with us.

We process the data of our job applicants for the following purposes:

  • Conducting the application process, in particular reviewing applications, contacting the applicant and conducting interviews to evaluate and select suitable applicants,
  • forwarding of the application documents to Noerr notary’s offices or Noerr companies if the applicant expressly requested this in his/her application letter,
  • storage for evidence purposes for the possible establishment, exercise or defence of legal claims.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Master data.

Name, date of birth, nationality, place of birth, country of birth, marital status.

Applicants or recruitment agencies instructed to act on behalf of applicants.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, it may not be possible to conduct the application process and, if applicable, to hire an applicant.

If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees.

If an applicant participates in our talent management programme, the data are stored after completion of the application process for the duration of participation in the talent management programme.

Otherwise the data will be stored for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process.

Contact data.

Private address, e-mail address, telephone number.

Applicants or recruitment agencies instructed to act on behalf of applicants.

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, it may not be possible to conduct the application process and, if applicable, to hire an applicant.

If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees.

If an applicant participates in our talent management programme, the data are stored after completion of the application process for the duration of participation in the talent management programme.

Otherwise the data will be stored for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process.

Application data.1

Content of application documents, in particular photograph, CV and certificates/references,

content of the written (including electronic) correspondence relating to the application.

Applicants or recruitment agencies instructed to act on behalf of applicants.

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, it may not be possible to conduct the application process and, if applicable, to hire an applicant.

If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees.

If an applicant participates in our talent management programme, the data are stored after completion of the application process for the duration of participation in the talent management programme.

Otherwise the data will be stored for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process.

Application data.2

Content of evaluation notes, perceptions from interviews, feedback and evaluations.

Generated in-house.

-

If an applicant is hired, the data will be entered in the personnel file. Information on the storage duration is provided in the information on the processing of the personal data of our employees.

If an applicant participates in our talent management programme, the data are stored after completion of the application process for the duration of participation in the talent management programme.

Otherwise the data will be stored for evidence purposes for the possible establishment, exercise and defence of legal claims for a period of six months after completion of the application process.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Conducting the application process, in particular reviewing applications, contacting the applicant and conducting interviews to evaluate and select suitable applicants.

Master data,

contact data,

application data.

No automated decision-making takes place.

Decision on the establishment of an employment relationship (Article 88 paragraph 1 of the General Data Protection Act, sec. 26(1) of the German Federal Data Protection Act).

Taking steps prior to entering into a contract (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

IT service providers.

Forwarding of the application documents to Noerr notary’s offices or Noerr companies if the applicant expressly requested this in his/her application letter.

Master data,

contact data,

application data.

No automated decision-making takes place.

Taking steps prior to entering into a contract (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices,

IT service providers.

Storage for evidence purposes for the possible establishment, exercise or defence of legal claims.

Master data,

contact data,

application data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

IT service providers.

Establishment, exercise or defence of legal claims, including liaison with external lawyers.

Master data,

contact data,

application data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

Courts and/or authorities,

external lawyers.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

Dependent branches of Noerr PartGmbB outside the EU:

  • Office of Noerr PartGmbB in New York, USA
  • Office of Noerr PartGmbB in London, UK

Part of controller.

USA, UK.

No applicable adequacy decision of the EU within the meaning of Article 45 paragraph 3 of the General Data Protection Regulation exists.

However, the General Data Protection Regulation applies directly to our dependent branches in the USA and UK in any case, so that an appropriate level of data protection exists.

We also guarantee that for transfers to our dependent branches we comply with the obligations under the EU standard contractual clauses in accordance with Article 46 paragraph 5 of the General Data Protection Regulation that were adopted under Article 26 paragraph 4 of the previous Data Protection Directive (Directive 95/46/EC). A copy of the standard contractual clauses can be obtained from our Data Protection Officer (see contact details in Section A).

Noerr companies in Germany:

  • NOERR Aktiengesellschaft Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft (NOERR AG)
  • Noerr Consulting GmbH & Co. KG

Controller.

Within the EU.

-

Noerr companies in Spain:

  • Noerr Alicante IP, S.L.

Controller.

Within the EU.

-

Noerr notary’s offices:

  • Notary’s office Berlin (Dr Astrid Frense, Dr Dirk Lentfer, Felix Blobel, Dr Clemens Schönemann)
  • Notary’s office Frankfurt (Dr Thorsten Reinhard, Dr Alexander Jänecke, Dr Julian Lemor)

Controller.

Within the EU.

-

IT service providers.

Processor.

Germany.

-

Courts and/or authorities.

Controller.

Depending on the location of the relevant court and/or the relevant authority, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

External lawyers.

Controller.

Depending on the location of the relevant lawyer, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

At our law firm we process personal data of persons who participate in our careers events and our talent management programme, as well as of subscribers to Noerr Careers Events News.

We process the personal data of participants in our careers events for the organisation and execution of these events.

We process data of participants in our talent management programme to implement that talent management programme, in particular to select suitable talents for open positions and send information about open positions and/or general information about us as an employer.

We also process personal data in this context for the following purposes:

  • Organisation and execution of careers events, in particular the selection of suitable participants based on the application and talent data requested in the pre-registration,
  • implementation of the talent management programme, in particular the selection of suitable talents for open positions and sending information on open positions and/or individual information relating to the participant’s professional interests and objectives,
  • referral of the talents to the corresponding Noerr companies if the talent has expressly requested this when making contact,
  • analysis of the effectiveness of contact channels,
  • sending Noerr Careers Events News to subscribers by e-mail,
  • storage for evidence purposes for the possible establishment, exercise or defence of legal claims.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Master data.

Name, date of birth, nationality, place of birth, country of birth, marital status.

Participants in the talent management programme/careers events, subscribers to Noerr Careers Events News.

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the name is not provided, it is not possible to participate in the talent management programme.

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

We store the data of subscribers to Noerr Careers Events News until consent is withdrawn.

We store these data for evidence purposes for the establishment, exercise or defence of possible legal claims and in addition for a transitional period of three years from the end of the year in which the participant has deregistered and, in the case of any legal dispute, until that dispute has been concluded.

Contact data.

Private address, e-mail address, telephone number.

Participants in the talent management programme/careers events, subscribers to Noerr Careers Events News.

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, unless at least one means of contact is provided, it is not possible to participate in the talent management programme.

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

We store the data of subscribers to Noerr Careers Events News until consent has been withdrawn.

We store these data for evidence purposes for the establishment, exercise or defence of possible legal claims and in addition for a transitional period of three years from the end of the year in which the participant has deregistered and, in the case of any legal dispute, until that dispute has been concluded.

Contact history.

Information on reason/medium of current and past contact with Noerr (trade fair, event, job exchange etc.).

Applicants (in covering letter or in online application),

generated in-house (e.g. trade fair).

-

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

Application data.1

Content of application documents, in particular photo, CV and certificates/references,

content of the written (including electronic) correspondence relating to the application.

Participants in the talent management programme/careers events.

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

If the data are not provided, they cannot be taken into account for the selection of suitable talents.

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

Application data.2

Content of evaluation notes, perceptions from interviews, feedback and evaluations.

Generated in-house.

-

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

Talent data.1

Information on interests, professional qualifications, professional experience and other information that participants provide for talent management.

Content of written (including electronic) correspondence relating to participation in the talent management programme.

Participants in the talent management programme/careers events.

The provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

If the data are not provided, they cannot be taken into account for the selection of suitable talents.

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

Talent data.2

Content of evaluation notes, perceptions from interviews, feedback and evaluations, which we generate in-house to select suitable talents.

Information on the next (development) steps of the talent.

Generated in-house.

-

We store the data of participants in careers events until the end of the relevant careers event.

The data of participants in our talent management programme are stored for the duration of participation in our talent management programme.

Consent data.

Data for the provision, evidence and withdrawal of consent.

These include date and time and content of the consent (e.g. registration for newsletter), date and time the registration notification is sent using the closed-loop opt-in procedure and IP address of the end device used for confirmation, date and time of any withdrawal of consent (e.g. deregistration from newsletters).

Participants in the talent management programme,

subscribers to Noerr Careers Events News.

The provision of the data is not required by law or contract or for conclusion of a contract. There is no obligation to provide the data.

If the data are not provided, we cannot provide services (e.g. newsletters) which require consent.

We store the data relating to the relevant consent until consent has been withdrawn.

We store these data for evidence purposes for the establishment, exercise or defence of possible legal claims and in addition for a transitional period of three years from the end of the year in which the participant has deregistered and, in the case of any legal dispute, until such dispute has been concluded.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Organisation and execution of careers events, in particular the selection of suitable participants based on the application and talent data requested in the pre-registration.

Master data,

contact data,

application data,

talent data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the execution of careers events.

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices,

IT service providers.

Implementation of the talent management programme, in particular the selection of suitable talents for open positions and sending information on open positions and/or individual information relating to the participant’s professional interests and objectives.

Master data,

contact data,

talent data,

consent data.

No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation).

IT service providers.

Referral of the talents to the corresponding Noerr notary’s offices or Noerr companies if the talent has expressly requested this when making contact.

Master data,

contact data,

contact history,

application data,

talent data.

No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation).

Dependent branches of Noerr PartGmbB outside the EU,

Noerr companies,

Noerr notary’s offices,

IT service providers.

Analysis of the effectiveness of contact channels.

Contact history.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the analysis of the effectiveness of contact channels.

-

Sending Noerr Careers Events News to subscribers by e-mail.

Master data,

contact data,

consent data.

No automated decision-making takes place.

Consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation).

IT service providers.

Storage for evidence purposes for the establishment, exercise or defence of possible legal claims.

Master data,

contact data,

consent data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

IT service providers.

Establishment, exercise or defence of legal claims, including liaison with external lawyers.

Master data,

contact data,

consent data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

Courts and/or authorities,

external lawyers.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

Dependent branches of Noerr PartGmbB outside the EU:

  • Office of Noerr PartGmbB in New York, USA
  • Office of Noerr PartGmbB in London, UK

Part of controller.

USA, UK.

No applicable adequacy decision of the EU within the meaning of Article 45 paragraph 3 of the General Data Protection Regulation exists.

However, the General Data Protection Regulation applies directly to our dependent branches in the USA and UK, so that an appropriate level of data protection exists anyway.

We also guarantee that for transfers to our dependent branches we comply with the obligations under the EU standard contractual clauses in accordance with Article 46 paragraph 5 of the General Data Protection Regulation that were adopted under Article 26 paragraph 4 of the previous Data Protection Directive (Directive 95/46/EC). A copy of the standard contractual clauses can be obtained from our Data Protection Officer (see contact details in Section A).

Noerr companies in Germany:

  • NOERR Aktiengesellschaft Wirtschaftsprüfungsgesellschaft Steuerberatungsgesellschaft (NOERR AG)
  • Noerr Consulting GmbH & Co. KG

Controller.

Within the EU.

-

Noerr companies in Spain:

  • Noerr Alicante IP, S.L.

Controller.

Within the EU.

-

Noerr notary’s offices:

  • Notary’s office Berlin (Dr Astrid Frense, Dr Dirk Lentfer, Felix Blobel, Dr Clemens Schönemann)
  • Notary’s office Frankfurt (Dr Thorsten Reinhard, Dr Alexander Jänecke, Dr Julian Lemor)

Controller.

Within the EU.

-

IT service providers.

Processor.

Within the EU.

-

Courts and/or authorities.

Controller.

Depending on the location of the relevant court and/or the relevant authority, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

External lawyers.

Controller.

Depending on the location of the relevant lawyer, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

At our law firm we process personal data of our (potential) suppliers and their employees.

Suppliers are all natural persons or legal entities that manufacture and/or supply goods or provide services. Data of our suppliers can be personal data if the suppliers are natural persons. Data relating to the employees of our suppliers are also personal data.

We process the data of our (potential) suppliers and their employees for the following purposes:

  • Taking steps prior to entering into a contract, including pre-contractual correspondence,
  • performance of contracts with our suppliers, including contractual communication, exchange of services and payment processing,
  • proper accounting and storage to comply with contractual and statutory, in particular commercial law, tax law and retention obligations,
  • storage for evidence purposes for the establishment, exercise or defence of possible legal claims,
  • establishment, exercise or defence of legal claims, including coordination with external lawyers,
  • liaison with external tax advisors and/or auditors to comply with statutory obligations,
  • cooperation with courts and/or authorities to comply with statutory obligations,
  • business relationship management, including making contact to inform our (potential) suppliers and to maintain relationships with our (potential) suppliers.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Master data.

Company name, industry of our suppliers.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, the conclusion or performance of a contract may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contact data.

Name, position and company contact data (address, e-mail address, telephone number, fax number) of contact person at our suppliers.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, the conclusion or performance of a contract may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Bank account data.

Account holder, bank, IBAN, BIC of our suppliers.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, the conclusion or performance of a contract may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Communication data.1

Content of business communication of our suppliers to us, in particular by post, e-mail, fax.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, the conclusion or performance of a contract may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Communication data.2

Content of our business communication to our suppliers, in particular by post, e-mail, fax.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Communication data.3

Circumstances of business communication with our suppliers, in particular parties involved, date/time and duration.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contract data.1

Information that we receive from our suppliers to take steps prior to entering into a contract and/or to perform contracts with our suppliers.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, the conclusion or performance of a contract may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contract data.2

Data from written (including electronic) contract documents that we receive from our suppliers.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, the conclusion or performance of a contract may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contract data.3

Information that we may receive from third parties to take steps prior to entering into a contract and/or for the performance of contracts with our suppliers.

Third parties.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contract data.4

Data from written (including electronic) contract documents that we prepare.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Invoice data.

Data from invoices and payment reminders that we receive from our suppliers, in particular date, invoice items and invoice amounts.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, billing may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Payment data.

Data relating to payment transactions, in particular date and payment amounts.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Minutes data.

Data from minutes relating to the business content of appointments and meetings with our suppliers that we prepare to maintain the business relationship.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Analysis data.1

Data from analyses of the business structure of the companies of our suppliers that we prepare for the strategic alignment of our business relationships.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

Analysis data.2

Data we receive from our suppliers from analyses of the companies of our suppliers that we prepare for the strategic alignment of our business relationships.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot take the data into account for the strategic alignment of our business relationships with our suppliers.

We store these data until the purposes of processing these data specified below have been achieved.

Survey data.

Responses to our surveys on the voluntary assessment of the business from the supplier’s perspective.

Suppliers.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

If the data are not provided, we cannot take any survey results of this supplier into account. This does not otherwise have any effect on the business relationship.

We store these data until the purposes of processing these data specified below have been achieved.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Taking steps prior to entering into a contract, including pre-contractual communication.

Master data,

contact data,

communication data,

contract data.

No automated decision-making takes place.

If the data subject is our (potential) supplier, the legal basis is taking steps at the request of the data subject prior to entering into a contract (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our (potential) supplier, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is taking steps at the request of our (potential) supplier prior to entering into a contract.

Shipping/courier service providers.

Performance of contracts with our suppliers, including contractual communication, exchange of services and payment processing.

Master data,

contact data,

bank account data,

communication data,

contract data,

invoice data,

payment data.

No automated decision-making takes place.

If the data subject is our supplier, the legal basis is the performance of a contract, to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our supplier, the legal basis is a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our supplier.

Shipping/courier service providers,

IT service providers.

Proper accounting and storage to comply with contractual and statutory, in particular commercial law and tax law retention obligations.

Master data,

identification data,

contact data,

bank account data,

communication data,

contract data,

invoice data,

payment data.

No automated decision-making takes place.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation), in particular compliance with statutory requirements for proper accounting and statutory, in particular professional ethics, commercial and tax law retention obligations.

If the data subject is our supplier, the legal basis is also the performance of a contract, to which the data subject is party (point (b) of Article 6 paragraph 1 of the General Data Protection Regulation).

If the data subject is not our supplier, the legal basis is also a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the performance of the contract with our supplier.

Accounting service providers,

archiving service providers.

Storage for evidence purposes for the establishment, exercise or defence of possible legal claims.

Master data,

contact data,

bank account data,

communication data,

contract data,

minutes data,

invoice data,

payment data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

Archiving service providers.

Establishment, exercise or defence of legal claims, including liaison with external lawyers.

Master data,

contact data,

bank account data,

communication data,

contract data,

invoice data,

payment data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

Courts and/or authorities,

external lawyers.

Liaison with external tax advisors and/or auditors to comply with statutory obligations.

Master data,

contact data,

bank account data,

communication data,

contract data,

invoice data,

payment data.

No automated decision-making takes place.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

External tax advisors,

external auditors.

Cooperation with courts and/or authorities to comply with statutory obligations.

Master data,

contact data,

bank account data,

communication data,

contract data,

invoice data,

payment data.

No automated decision-making takes place.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

Courts and/or authorities.

Business relationship management, making contact to inform our suppliers and to maintain relationships with our suppliers.

Master data,

contact data,

communication data,

contract data,

minutes data,

analysis data,

survey data.

No automated decision-making takes place.

The legal basis for business relationship management is generally a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the maintenance and strategic alignment of the relationships with our suppliers.

The legal basis for making contact to inform our suppliers can, depending on the circumstances of each individual case, in particular the way in which contact is made, be either consent (point (a) of Article 6 paragraph 1 of the General Data Protection Regulation) or a balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is informing our suppliers.

-

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

External lawyers.

Controller.

Depending on the location of the relevant external lawyer, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

External auditors.

Controller.

Within the EU.

-

External tax advisors.

Controller.

Within the EU.

-

Courts and/or authorities.

Controller.

Depending on the location of the relevant court and/or the relevant authority, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Shipping/courier service providers

Controller.

Within the EU.

-

IT service providers

Processor.

Within the EU.

-

Accounting service providers

Processor.

Within the EU.

-

Archiving service provider

Processor.

Within the EU.

-

At our law firm we process the personal data of the visitors to our buildings and facilities.

Visitors are all natural persons, with the exception of our employees, who visit our buildings and facilities. These can in particular be our (potential) suppliers and their employees.

We process data of our visitors for the following purposes:

  • Identification of our visitors and documentation of visits in order to maintain the safety of our buildings, facilities and employees, to ensure the safety of our visitors, to protect our property or the property of our suppliers,
  • planning and organisation of the details of the visit,
  • storage for evidence purposes for the possible establishment, exercise or defence of legal claims,
  • establishment, exercise or defence of legal claims, including cooperation with external lawyers,
  • cooperation with courts and/or authorities to comply with statutory obligations.

More detailed information on this can be found in the sections that follow:

Categories of personal data processed

Personal data included in the categories

Data sources

Data subjects’ obligation to provide data

Storage period

Master data.

Name, position, company, industry.

Visitors.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, a visit may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Contact data.

Address, e-mail address, telephone number, fax number.

Visitors.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, a visit may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Registration data.1

Expected time, duration and purpose of visit, buildings or parts of buildings to be visited, arrival and departure.

Visitors.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, a visit may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Registration data.2

Expected time, duration and purpose of visit, buildings or parts of buildings to be visited, arrival and departure.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Additional data.

Optional information on the visitor’s special catering requirements or other technical or organisational arrangements for the visit, such as barrier-free facilities.

Visitors.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

If the data are not provided, the visitor’s special requirements cannot be taken into account.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Visit data.

Actual time and duration of visit, information on buildings or parts of buildings visited.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Communication data.1

Content of communication with visitors regarding the planning and organisation of visits, in particular via post, e-mail, telephone, fax.

Visitors.

Provision of the data is not required by law or contract. The data subject is not obliged to provide the data.

However, if the data are not provided, a visit may not be possible.

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Communication data.2

Content of communication with visitors regarding the planning and organisation of visits, in particular via post, e-mail, telephone, fax.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Communication data.

Circumstances of business communication with visitors, in particular those involved, time and duration.

Generated in-house.

-

We store these data until the purposes of processing these data specified below have been achieved.

We also store the data if other statutory, in particular commercial or tax law document retention obligations exist. Depending on the document type, document retention requirements under commercial or tax law can be between six and ten years (sec. 147 German Tax Code (Abgabenordnung – AO), sec. 257 German Commercial Code (Handelsgesetzbuch – HGB)).

Door camera data.

Footage from cameras in door intercoms.

Generated in-house.

-

These data are not stored beyond the communication process.

Purpose of processing the personal data

Categories of personal data processed

Automated decision-making

Legal basis and any legitimate interests

Recipient

Identification of our visitors and documentation of visits in order to maintain the safety of our buildings, facilities and employees, to ensure the safety of our visitors, to protect our property or the property of our suppliers.

This includes checking access authorisation and comparing the master and visit data specified during the visit with any master and registration data specified during any advance registration.

To identify visitors at entrances to our buildings and/or parts of buildings, we also use real-time video transmission in door intercom systems with video function. The transmission only takes place immediately and shortly after the doorbell has been activated. A video recording does not take place. We expressly refer to the video function in connection with the door intercom system (typically by means of pictograms on the door intercom system).

Master data,

contact data,

registration data,

visit data,

door camera data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is maintaining the safety of our buildings, facilities and employees, ensuring the safety of our visitors and protecting our property or the property of our suppliers. Our legitimate interest is also ensuring that appropriate data security measures in accordance with Article 32 of the General Data Protection Regulation have been implemented. 

-

Planning and organisation of the details of the visit.

For this purpose, we may carry out advance registration of visitors prior to the visit.

In addition, we take into account any optional information from visitors regarding special catering requirements or other technical or organisational arrangements for the visit, such as barrier-free facilities.

Master data,

contact data,

registration data,

visit data,

additional data,

communication data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the planning and organisation of the details of the visit taking the special wishes and needs of the visitor into account.

-

Storage for evidence purposes for the possible establishment, exercise or defence of legal claims.

Master data,

contact data,

registration data,

visit data,

additional data,

communication data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

-

Establishment, exercise or defence of legal claims.

Master data,

contact data,

registration data,

visit data,

additional data,

communication data.

No automated decision-making takes place.

Balancing of interests (point (f) of Article 6 paragraph 1 of the General Data Protection Regulation). Our legitimate interest is the establishment, exercise or defence of legal claims.

Courts and/or authorities,

external lawyers.

Cooperation with courts and/or authorities to comply with statutory obligations.

Master data,

visit data.

No automated decision-making takes place.

Compliance with a legal obligation (point (c) of Article 6 paragraph 1 of the General Data Protection Regulation).

Courts and/or authorities.

Recipient

Recipient’s role

Transfer to third countries and/or to international organisations

Adequacy decision or adequate or suitable assurances for transfers to third countries and/or international organisations

External lawyers.

Controller.

Depending on the location of the relevant external lawyer, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

Courts and/or authorities.

Controller.

Depending on the location of the relevant court and/or the relevant authority, within or outside the EU.

We only transfer personal data to third countries and/or to international organisations to the extent that this is necessary to establish, exercise or defend legal claims (point (e) of Article 49 paragraph 1 of the General Data Protection Regulation).

We use cookies in connection with the website and the services offered on the website. We use the processing and storage functions of your end device’s browser and collect information from the memory of your end device’s browser.

Cookies are small text files with information that can be placed on a user’s end device through its browser when a website is visited. When the website is visited again with the same end device, the cookie and the information it contains can be retrieved.

First-party and third-party cookies – Depending on where a cookie comes from, a distinction is made between first-party cookies and third-party cookies:

First-party cookies

Cookies that are placed and accessed by the operator of a website as the controller or a processor engaged by it.

Third-party cookies

Cookies that are placed and accessed by a party other than the operator of the website which is not acting as a processor on behalf of the operator of the website.

Transient and persistent cookies – A distinction is made between transient and persistent cookies depending on how long they remain active:

Transient cookies
(session cookies)

Cookies that are automatically deleted when you close your browser.

Persistent cookies

Cookies that remain stored on your end device for a certain period of time after the browser is closed.

Consent-free cookies and cookies requiring consent – Your consent may be required for some cookies depending on their function and purpose of use:

Consent-free cookies

Cookies whose sole purpose is to transmit a message using an electronic communication network.

Cookies that are necessary so that the party offering a service that has been expressly requested by you can provide this service (“strictly necessary cookies”).

Cookies requiring consent

Cookies for all purposes of use other than the abovementioned.

Granting consent to the use of cookies and management of cookies using a cookie dashboard

If your consent is necessary for the use of certain cookies, we only use these cookies when you use our website if you have previously granted your consent to this. You can find information as to whether the use of a particular cookie requires consent in the information on the cookies used on this website in Section C.III of this Privacy Policy.

When you visit our website, we display a “cookie banner” in which you can declare your consent to the use of cookies on this website by clicking on a button. When you click on the button “Allow all cookies”, you have the option of giving your consent to the use of all of the cookies described in detail in Section C.III of this Privacy Policy. You have the option, by clicking on the “Change your consent” button, to select individual cookies and to change your individual selections at a later point in time.

We also store your consent and any individual cookies you have selected in the form of a cookie (“opt-in cookie”) on your end device in order to determine whether you have granted your consent when you visit the website again. The opt-in cookie has a limited validity period of twelve months.

Strictly necessary cookies cannot be deactivated using the cookie management function of this website. However, you can deactivate these cookies in general at any time in your browser.

Managing cookies using browser settings

You can also manage cookies using your browser’s settings. Different browsers have different ways to configure cookie settings. You can find more extensive information on this, for example at https://www.allaboutcookies.org/manage-cookies/.

However, we would like to point out that some functions of the Website may not work properly or at all if you deactivate cookies in general in your browser.

You can contact us for the purpose of exercising your rights using the contact details in Section A.

More detailed information on your rights in relation to the processing of your personal data can be found in the sections that follow:

As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the General Data Protection Regulation.

This means in particular that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the General Data Protection Regulation. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (points (a), (b) and (c) of Article 15 paragraph 1 of the General Data Protection Regulation).

You can find the full extent of your right to access and information in Article 15 of the General Data Protection Regulation.

As a data subject, you have the right to rectification under the conditions provided in Article 16 of the General Data Protection Regulation.

This means in particular that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data.

You can find the full extent of your right to rectification in Article 16 of the General Data Protection Regulation.

As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the General Data Protection Regulation.

This means that you generally have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (point (a) of Article 17 paragraph 1 of the General Data Protection Regulation).

If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the General Data Protection Regulation).

Where we have made the personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, are also obliged to take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data (Article 17 paragraph 2 of the General Data Protection Regulation).

By way of exception, the right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the General Data Protection Regulation. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (points (b) and (e) of Article 17 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the General Data Protection Regulation.

As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the General Data Protection Regulation.

This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the General Data Protection Regulation applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (point (a) of Article 18 paragraph 1 of the General Data Protection Regulation).

Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the General Data Protection Regulation).

You can find the full extent of your right to restriction of processing in Article 18 of the General Data Protection Regulation.

As a data subject, you have a right to data portability under the conditions provided in Article 20 of the General Data Protection Regulation.

This means that you generally have the right to receive the personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation and the processing is carried out by automated means (Article 20 paragraph 1 of the General Data Protection Regulation).

You can find information as to whether an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation or on a contract pursuant to point (b) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Sections B of this Data Protection Information.

In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the General Data Protection Regulation).

You can find the full extent of your right to data portability in Article 20 of the General Data Protection Regulation.

As a data subject, you have a right to object under the conditions provided in Article 21 of the General Data Protection Regulation.

At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object.

More detailed information on this is given below:

Right to object on grounds relating to the particular situation of the data subject

As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions.

You can find information as to whether an instance of processing is based on point (e) or (f) of Article 6 paragraph 1 of the General Data Protection Regulation in the information regarding the legal basis of processing in Sections B of this Data Protection Information.

In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation.

Right to object to direct marketing

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You can find information as to whether and to what extent personal data are processed for direct marketing purposes in the information regarding the legal basis of processing in Sections B of this Data Protection Information.

If you object to processing for direct marketing purposes, we no longer process your personal data for these purposes.

You can find the full extent of your right to objection in Article 21 of the General Data Protection Regulation.

Where an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.

You can find information as to whether an instance of processing is based on point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation in the information regarding the legal basis of processing in Sections B of this Data Protection Information.

As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in Article 77 of the General Data Protection Regulation.

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 27, 91522 Ansbach, Germany

Telephone: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300

E-mail: poststelle@lda.bayern.de

The technical terms relating to data protection used in this Data Protection Information have the meaning used in the General Data Protection Regulation. The full scope of the definitions of the General Data Protection Regulation can be found in Article 4 of the General Data Protection Regulation.

You will find more detailed information on the most important technical terms of the General Data Protection Regulation used in this Data Protection Information below:

“processor”

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“special categories of personal data”

“special categories of personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;

“data subject”

“data subject” means the respective identified or identifiable natural person to whom the personal data refer;

“third country”

“third country” means a country which is not a member state of the European Union (“EU”) or the European Economic Area (“EEA”);

“third party”

“third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“recipient”

“recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“international organisation”

“international organisation” means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;

“personal data”

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“profiling”

“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“controller”

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“processing”

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

This Data Protection Information was last modified on 01 August 2024.

It may be necessary to modify this Data Protection Information due to technical developments and/or amendment of statutory or official requirements. An up-to-date version of this Data Protection Information can be retrieved at any time at www.noerr.com/datenschutz.