The following describes how GSK STOCKMANN Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB, registered office Munich, Munich Local Court, No. 533 (hereinafter also referred to as “GSK STOCKMANN”, “we”, “us”) processes your (and possibly third parties’) personal data within the scope of our relationship with you as client or otherwise as regards processing your case. We take the confidentiality and protection of your personal data very seriously. For this reason, we process your personal data exclusively insofar as it is legally admissible, in particular on the basis of the General Data Protection Regulation of the EU (“GDPR”) and the German Federal Data Protection Act (“BDSG”).
The following gives you an overview of which personal data we process exactly, how we use them, who we are potentially passing them on to and what your data protection rights and remedies are.
1. Who is responsible for processing my data?
This data protection notice applies to data processing by us (GSK STOCKMANN) as the person responsible for data protection in the sense of the GDPR.
If you have any questions, suggestions or complaints regarding data protection at GSK STOCKMANN, you can reach us using the following contact details: GSK STOCKMANN Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB, Karl-Scharnagl-Ring 8, 80539 Munich, Germany, e-mail: firstname.lastname@example.org.
You can also contact our Data Protection Officer directly at any time. You may contact him/her using the above contact information from GSK STOCKMANN or at email@example.com.
2.1. Which personal data do we process?
We process certain data received from you or from third parties commissioned by you or your contact persons in connection with our client relationship or otherwise as regards processing your case. This includes in particular the following data:
We are processing your data at your request and in accordance with Art. 6 para. 1 s. 1 lit. b) GDPR for the purposes stated: in order to appropriately fulfill our relationship with you as our client and to mutually fulfill obligations arising from the client contract (performance of contract or precontractual measures). If you have not mandated us, your data will be processed based on Art. 6 para. 1 s. 1 lit. f) GDPR (legitimate interest; whereby the legitimate interest is within the scope of necessity for the aforementioned purposes).
In some cases we are required by law to process certain data (Art. 6 para. 1 lit. c) GDPR). We are under such obligation e.g. due to the Money Laundering Act (“GWG”), which stipulates that we must identify our clients (Sec. 11 para. 1 s. 1 GWG). Furthermore, according to Sec. 50 of the German Federal Lawyer’s Act (“BRAO”), professional law prescribes that we keep legal refer-ence files (if necessary also electronically).
3. Business partners
In addition, we process personal data within the scope of cooperation with contracted service providers or suppliers as well as other business partners (“business partners”).
3.1 Which personal data do we process?
In the context of cooperation with our business partners or their points of contact, we process among others the following categories of personal data:
name, address and other contact details, such as title, address, telephone or fax number and e-mail address; if applicable, details regarding your professional activity; bank account or payment information; if applicable, your tax identification number (“tax ID”); 2 What are the purposes and the legal bases for the data processing? e above mentioned personal data are necessary to establish, execute and handle the contractual relationship with the respective business partner. We process these data based on Art. 6 para. 1 lit. b) GDPR; otherwise also according to Art. 6 para. 1 lit. f) GDPR. Transmitting information occasionally process your personal data in order to send you important or relevant client and/or legal information (e.g. GSK Updates on current legal topics) or other information and to point out GSK STOCKMANN events relevant to you. 1 Which personal data do we process? this context, we process among others the following categories of personal data: name, address and other contact details, such as title, address, telephone or fax number and e-mail address; if applicable, details regarding your professional activity.
4.2 What are the purposes and the legal bases for the data processing?
We process the aforementioned personal data in order to send you important or relevant information on current topics or events and to draw your attention to GSK STOCKMANN events relevant to you.
We process this data based on Art. 6 para. 1 lit. f) GDPR (legitimate interest; whereby the legitimate interest is carried out within the scope of necessity for the aforementioned purposes).
If there is no legitimate interest, we will only send you our client and/or legal information and information on events if you have given us your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time with effect for the future. In this case, we will not send you any further information in the future and we will delete your contact information unless we are entitled or obligated to retain it for other reasons (e.g. working on your case).
5. Do we transfer your personal data to third parties?
Your personal data will not be transferred to third parties for purposes not listed below.
Your personal data will be passed on to third parties insofar as it is necessary as per Art. 6 para. 1 s. 1 lit. b) GDPR for properly processing a client or business relationship with you or as per Art. 6 para. 1 s. 1 lit. f) GDPR for otherwise properly processing your case. This includes, in particular, for working on client matters, transferring data to an opposing party and its representatives (in particular its lawyers) as well as courts and other public authorities for the purpose of corresponding and asserting and defending legal claims. In individual cases it may also be necessary for us to transfer your data to third parties for the purpose of credit assessment.
In addition, contract processors we commission (in particular IT service providers) receive your data insofar as this is necessary for performing their respective services vis-à-vis us. These contract processors process the data exclusively on our behalf and in accordance with our instructions. Above all, contract processors are not permitted to use your personal data for their own purposes. The legal basis for such data processing is Art. 28 GDPR (contract processing) and Art. 6 para. 1 s. 1 lit. b) GDPR (performance of contract or precontractual measures).
The third party must use the transferred data exclusively for the aforementioned purposes. With regard to a client relationship, the attorneyclient privilege remains unaffected.
6. Do you transfer data to third countries?
We will only transfer your personal data to third countries (outside the European Economic Area – EEA), if and as far as this is necessary to perform the service requested, if it is legally required or if a stakeholder involved is based in a third country or if you have given your consent.
7. How long do we store your personal data?
We process and store your personal data according to our statutory storage obligations.
In particular, according to Sec. 50 (1) BRAO, lawyers must keep reference files for a period of six years after the end of the calendar year in which the matter or other legal activity was terminated. Your personal data will be deleted after expiry of this legal obligation for lawyers to retain them and taking into account a transaction time of no more than one year, unless we are obligated to retain them for a longer period of time in accordance with Art. 6 para. 1 s. 1 lit. c) GDPR due to tax and commercial law storage and documentation obligations (as per the German Commercial Code, Criminal Code, Money Laundering Act or the Tax Code).
Otherwise, we will delete your personal data after the purpose for which it was collected has been fulfilled or no longer applies (e.g. after termination of the client or contractual relationship or other business relationship), unless we are entitled or obligated to retain it longer. In these cases, we will not use your data anymore and limit the processing of personal data in this respect.
8. Which rights do you have?
You have the right to request information from us at any time regarding your personal data processed by us. The lawyerclient confidentiality obligation remains unaffected. If the legal requirements are met, you also have the right to have your personal data corrected and deleted or their processing restricted as well as the right to object to our processing of your data. Additionally, you also have the right to receive (or demand transmission to another person responsible) an overview of the relevant personal data you made available to us in a structured, commonly used, and machine-readable format.
If you have given consent to the processing of your personal data, you can withdraw it at any time with effect for the future. You can assert these rights among others by contacting us or our Data Protection Officer using the contact information mentioned under section 1. above.
You have the right to file a complaint about the processing of your personal data at a data protection supervisory authority.