Privacy Policy

Information on Data Processing when Visiting the SCHIEDERMAIR Website

 

In accordance with our obligation to provide information under the General Data Protection Regulation (GDPR), this privacy policy informs you about the details of the processing of your personal data when you visit our website as well as your rights in this context.

We reserve the right to revise this data privacy policy from time to time so that it is in compliance with current legal requirements and the functions on our website. The data privacy policy as provided on the website applies in each case.

I. Name and Contact Information of the Data Controller

The data controller for data processing is:

SCHIEDERMAIR RECHTSANWÄLTE
Partnergesellschaft von Rechtsanwälten und Steuerbaratern mbB
(SCHIEDERMAIR Attorneys at Law
Partnership Company of Attorneys at Law and Tax Advisors with Limited Professional Liability
)
Eschersheimer Landstrasse 60
60322 Frankfurt am Main
GERMANY
Email: kanzlei@schiedermair.com
Phone: +49 69 95508-0
Fax: +49 69 95508-100
www.schiedermair.com

The data protection officer of SCHIEDERMAIR RECHTSANWÄLTE is available at the above address, Attn: Betriebliche Datenschutzbeauftragte (Data Protection Officer), or at stadler@schiedermair.com.

II. Processing Operations

1. Browser Data; Log Files

When you access our website, the browser used on your terminal will automatically send information to our website server. This information will be stored temporarily in a so-called log file. The following information will be collected without any action on your part, and will be stored until it is automatically deleted: IP address of the requesting terminal, date and time of access, name and URL of the accessed file, website from which the access is made (referring URL), browser used, and, if applicable, the operating system of your computer and the name of your access provider.

The above data is processed by us to ensure your smooth connection with our website, convenient usage, as well as stability and security of the website.

The legal basis for the data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the above-listed purposes. We do not use the collected data for the purpose of obtaining information about you as a person. The data stored in the log files are deleted after seven days.

2. Contacting Us

If you contact us via the email addresses and telephone numbers provided on the website, then the personal data transmitted by you via e-mail or telephone will be stored.

Contacting us is voluntary.  If you do not provide us with your contact details, it will not be possible for us to respond to your contact request.

The legal basis for processing this data is Article 6(1)(f) GDPR. Our legitimate interest is to respond to your request.  If the purpose of contacting you is to conclude a contract, the additional legal basis for processing the data is Article 6(1)(b) GDPR.

The processing of personal data is so that we can process the contact request.

We delete your data three years after the conclusion of the conversation with you at the end of the calendar year unless the deletion conflicts with legal retention periods, for example, from an ongoing client relationship.

3. Registration for Our Newsletter

If you have registered to receive our newsletter via our website or have otherwise provided your consent to receive our newsletter, we will use your name and email address to send you our newsletter from time to time on various legal topics.

We use the services of CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany (hereinafter “CleverReach”), to whom we transfer your name and email address, to send you a newsletter.  CleverReach operates in accordance with our instructions on the basis of a contract processing agreement. Information on data protection at CleverReach is available at https://www.cleverreach.com/de/datensicherheit and at https://www.cleverreach.com/de/antispam.

CleverReach processes opening and click rates to record whether the newsletters that have been sent are received and opened. The data processing is anonymized. In addition to the opening and click rates, technical information from the end terminal of the recipient of the newsletter is collected, primarily information on the browser used, operating system, as well as date and time of opening. The data is processed without reference to persons. No usage analyses or merging with other data takes place.

When you submit the registration form for our newsletter, your IP address, and the date and time of your registration, are automatically collected and stored by the system.

If you have registered for the newsletter via the form on our website, we verify your email address as part of a so-called double opt-in process. For this purpose, we will send you an email with a link so that you can confirm your registration for the newsletter.

Providing your data to register for a newsletter is voluntary. If you do not provide us with your email address, we will not be able to send you our newsletter.

The legal basis for processing your name and email address for the purpose of sending the newsletter is your consent, Article 6 (1)(a) GDPR.  By sending the confirmation email as part of the double opt-in process, we comply with our legal obligation to verify the email address of newsletter recipients, Article 6(1)(c) GDPR.  Your IP address, as well as the date and time of sending the registration form, are processed to ensure the functionality of our IT systems and to protect against misuse. This is our legitimate interest in data processing, Article 6(1)(f) GDPR. In addition, the data processing is so that we our able to document your consent to receive the newsletter as we are required to do so, Article 6(1)(c) GDPR.

You can unsubscribe from the newsletter at any time, for example by sending an email to the contact person indicated in the respective newsletter or by sending an email to kanzlei@schiedermair.com.  We will then put your email address on a blacklist so that you no longer receive the newsletter and we can ensure that you are not added again to a recipient list.  Your data will be deleted three months after you unsubscribe. If you fail to respond to the confirmation email as part of the double opt-in process, we will also delete your data three months after your subscription to the newsletter.

4. Applications

You can submit an application to us in writing or by email using the provided contact details.  To review your application, we will process the personal data included in your material (e.g. in your cover letter, resume, and in your references).  Depending on your documents and information, this may also include special categories of personal data within the meaning of Article 9(1) GDPR (e.g. information regarding a disability).

Sending us your application material is voluntary. If you fail to provide us with relevant data for your application, it will not be possible for us – depending on the data concerned – to review your application in full and to contact you.

The legal basis for processing your data is the implementation of pre-contractual measures and, insofar as an employment relationship with us comes about, the establishment and implementation of the contract, Article 6(1)(b) GDPR, Section 26 German Federal Data Privacy Act.

The purpose of processing the data is to check your suitability for an employment relationship with us and, insofar as an employment relationship does arise, to establish and implement the employment relationship.

If we reject your application, we will delete your data no later than six months after the rejection, unless you have consented to the retention of your application material regarding subsequent vacancies. In this case, we will delete your data after a further six months at the latest. If an employment relationship is established, we will store your data for at least for the duration of the employment relationship and, if applicable, for the duration of any statutory retention obligations or contractual retention provisions that go beyond this.

III. Use of Cookies

We use cookies that are technically necessary on our website to save your language preference. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or the like) when you visit our website. Cookies do not cause any damage to your end device and do not contain viruses, Trojans, or other malware.

Information is stored in the cookie that arises in each case in connection with the specific end device that is being used. The use of technically necessary cookies enables the use of our offerings and to make it more convenient for you, e.g. to use the proper language setting and the back function in your browser. The information obtained from cookies will not be used in connection with your personal data, such as your IP address.

On the website, we use a cookie from WPML (provider: OnTheGoSystems Ltd, 22 F 3 Lockhart Road, Wanchai, Hong Kong) to store your language settings.

The data processed by cookies is necessary for the above purposes to protect our legitimate interests pursuant to Article 6(1)(f) GDPR.

Most browsers accept cookies automatically. You can, however, configure your browser so that cookies are not stored on your computer or a notice always appears before a new cookie is created. The complete deactivation of cookies may, however, mean that you will not be able to use all of the functions of our website.

IV. Our Profiles in Social Media

We maintain company profiles on XING (service provider: New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany) and on LinkedIn (service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland).

When you visit our profile on one of the platforms, the respective service provider will process data from you to create usage profiles for its own purposes and to operate and optimize its own services.  We may receive evaluations from the providers about the use of our company profile.  The evaluations do not relate to individual persons.  The data processing from the service providers takes place, in part, regardless of whether you yourself are registered or logged in to the social media.  The evaluations typically include the following information:

  • Reach measurements regarding profile, posts, and other functions, i.e. total number of people who have either visited or used profiles, posts, or other functions;
  • Aggregate data regarding age, gender, and location (country, region/city) of people visiting profiles;
  • Time of use for videos and other features;
  • Time and location of uses;
  • Devices, operating systems, and software used;
  • Interactions related to posts, e.g., click-through rates, shares, comments.

With regard to the data processing operations for the purposes of the above-mentioned evaluations, we are jointly responsible with LinkedIn within the meaning of the GDPR and have concluded a corresponding joint responsibility agreement.

We have no influence on whether, and to what extent, the providers collect personal data on their platforms.  We also do not have knowledge of the scope, purpose, and storage period of the data collection.  It must be assumed that, at a minimum, the IP address and device-related information are collected and used.  It is also possible that the providers use cookies and comparable technology on their platforms, with which the usage behavior on the platforms and other services of the providers can be tracked and evaluated.

The headquarters of the LinkedIn conglomerate, LinkedIn Inc. is located in the United States.  Countries outside the territory of the European Union (EU) and the European Economic Area (EEA), so-called third countries, do not, in part, have an adequate level of data protection as set forth in the GDPR.  The United States constitutes such a third country.  We cannot rule out that, even if the platform providers have a registered office in the EU/EEA, data may also be stored by the group companies in the United States or another third country.

Additional information on data protection at XING can be found at https://privacy.xing.com/en/privacy-policy.

For more information about privacy at LinkedIn, please see the Privacy Policy at https://www.linkedin.com/legal/privacy-policy and the Cookie Policy at https://www.linkedin.com/legal/cookie-policy. For those processing operations where we are jointly responsible with LinkedIn, a joint responsibility agreement applies, which is available at https://legal.linkedin.com/pages-joint-controller-addendum.

V. Your Rights

You have the right:

  • In accordance with Article 15 GDPR, to request information about your personal data processed by us.  In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to complain, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • Pursuant to Article 16 GDPR, to request the rectification of incorrect or incomplete personal data stored by us without undue delay;
  • Pursuant to Article. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims;
  • Pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data, insofar as you are disputing the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to assert, exercise, or defend legal claims or you have objected to the processing pursuant to Article 21 GDPR;
  • Pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly-used, and machine-readable format or to request the transfer to another data controller; and
  • To lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a rule, you may contact for this purpose the supervisory authority of your place of your habitual residence, place of work, or of our law firm’s registered office.

Right to Withdraw Consent

In accordance with Article 7(3) GDPR, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing performed on the basis of the consent until the withdrawal. Please address your withdrawal to kanzlei@schiedermair.com or by mail to the address of the responsible party given above.

Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds therefor that arise from your particular situation or the objection is regarding direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right to object, you may send an email to kanzlei@schiedermair.com.

VI. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are being improved upon continuously in accordance with technological developments.

Status: January, 2022

Information on Data Processing when Providing a Service as an Attorney, Notary, or Tax Advisor

  

With this data privacy policy, we, SCHIEDERMAIR RECHTSANWÄLTE and the notaries at SCHIEDERMAIR RECHTSANWÄLTE, are informing you regarding the processing of your personal data in accordance with our obligation to provide information under the General Data Protection Regulation (GDPR) and (for Notaries) the Hessian Data Protection and Freedom of Information Act (HDSIG). The data privacy policy is directed to all persons with whom we have a client relationship or other business or communication relationship or with whom we potentially have such a relationship.

We reserve the right to revise this data privacy policy from time to time so that it is in compliance with current legal requirements and in accordance with actual processing operations when we provide our services.  The data privacy policy as provided on the website applies in each case.

I. Name and Contact Information of the Data Controller

SCHIEDERMAIR Rechtsanwälte
Partnergesellschaft von Rechtsanwälten und Steuerberatern mbB
(SCHIEDERMAIR Attorneys at Law
Partnership Company of Attorneys at Law and Tax Advisors with Limited Professional Liability
)
(hereinafter SCHIEDERMAIR RECHTSANWÄLTE)
Eschersheimer Landstrasse 60
60322 Frankfurt am Main
GERMANY
Email: kanzlei@schiedermair.com
Phone: +49 69 95508-0
Fax: +49 69 95508-100
www.schiedermair.com

If you engage one of our attorney in his/her capacity as a Notary, such Notary is, in each case, the sole data controller for the matter at issue within the meaning of the data privacy provisions and is subject to the provisions of the HDSIG. Our Notaries are:

Dr. Christine Bunzel, Dr. Annegret Bürkle, Dr. Franz-Josef Kolb, Dr. Klaus J. Müller, Dr. Andreas Ripken, and Christoph M. Tegel, each with his/her notary’s office at the above address of SCHIEDERMAIR RECHTSANWÄLTE.

(hereinafter each individually the “Data Controller” and collectively with SCHIEDERMAIR RECHTSANWÄLTE, the “Data Controllers”).

The data protection officer of SCHIEDERMAIR RECHTSANWÄLTE and the Notaries is available via the above postal address, Attn: Betriebliche Datenschutzbeauftragte (Data Protection Officer), and at stadler@schiedermair.com.

II. Processing of Your Personal Data in the Context of Provision of Services by an Attorney or a Tax Advisor

We process personal data that we receive from you as the result of a potential or on-going client relationship (either the client or a contact person of the client) during the processing of or as the result of working on a client matter (the opposing party or the contact person of an opposing party) as well as from sources that are involved while working on a client matter e.g. contact persons of courts or agencies.  This includes, in particular, the following data:

  • Personal data, e.g. first and last name, date and place of birth, nationality, marital status, position at company;
  • Contact data, e.g. postal address, telephone and fax numbers, email address;
  • In certain cases, for example when advising on employment matters, also data on your professional and/or family situation and, if applicable, information regarding your health, e.g. disability, personal financial information, or other sensitive data, such as information on wage and salary garnishments;
  • In certain cases, also data on your personal property, e.g. ownership of residential property, and on your legal relationships with third parties, such as account or loan numbers at credit institutions.

Within the scope of a potential client relationship or an actual client relationship between you and us, you need to provide only those personal data that are necessary to initiate, perform, or terminate a client relationship or such personal data that we are legally required to collect.  Without this data, we will typically not be able to enter into a client relationship.

The legal basis for data processing for a potential or actual client relationship is Article 6(1)(b) GDPR.  The legal basis, within the context of working on a client matter, is Article 6(1)(f) GDPR, insofar as the data processing is necessary to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest requiring protection to not having your data be processed.  In part, we also fulfill legal requirements with the data processing, Article 6(1)(c) GDPR.  According to provisions of Germany’s Money Laundering Act, we are required to identify our clients.  Germany’s Federal Attorney’ Act requires attorneys to keep an attorney file (also by means of electronic data processing).

The purpose of processing data is to provide services to our clients, i.e. in particular to analyze and enforce legal claims, to implement legal rights and contractual relationships with third parties, and to communicate with clients and third parties in connection therewith.  Data processing is also for the internal accounting of SCHIEDERMAIR Rechtsanwälte, to send our newsletter (if requested by you), and to meet the above legal obligations.

Data collected when potentially entering into a client relationship, during the course of a client relationship, or to work on matters for clients will be stored as long as it is necessary for the matter at hand.  In addition, we archive data to meet statutory retention periods, which are as follows: for attorney files, ten years to the end of the calendar year (§ 199(3) No. 1 German Civil Code – BGB); for files in connection with inheritance law advice: 30 years to the end of the year (§ 199(3a) BGB, Section 5(4) Service Regulations for Notaries – DONot).  The period always begins at the end of the calendar year in which the respective matter was concluded. We also store data on the basis of other statutory retention obligations, e.g. pursuant to the German Commercial Code, the German Tax Code, or the German Money Laundering Act. These periods are usually for six or ten years.

III. Processing of your Personal Data in the Context of a Notary

In our capacity as notaries, we process, in each case as the data controller, the personal data that we receive from you or from third parties engaged by you (e.g. attorneys, tax advisors, brokers, credit institutions), such as:

  • Personal data such as first and last name, date and place of birth, nationality, marital status; your birth registration number as needed;
  • Contact data such as postal address, telephone and fax numbers, email address;
  • In the case of real estate contracts, your tax identification number;
  • In certain cases, for example for marriage contracts, wills, inheritance contracts, or adoptions, also data on your family situation and on your asset holdings, as well as, if applicable, information on your health or other sensitive data, e.g. because these serve to document your legal capacity;
  • In certain cases also data on your legal relationships with third parties, such as file numbers, loans, or account numbers at financial institutions.

We also process data from public registers, e.g. land register, commercial registers, and registers of associations.

As notaries, we hold a public office.  The official activity is performed as a task in the public interest to serve an orderly and preventive administration of justice and is, therefore, in the public interest and in the exercise of an official authority (Article 6(1)(e) GDPR).

Your data will be processed only to perform the notarial activity requested by you and, to the extent applicable, by other persons involved in a transaction, in accordance with official duties, e.g., to prepare draft deeds, for the purpose of notarization to implement notarial deeds, or to provide advice.  Personal data is, therefore, processed only on the basis of professional and procedural provisions applicable to the data controller, which come essentially from the Federal Notarial Code and the Notarization Act.  The legal obligation to process the required data arises also from these provisions (Article 6(1)(c) GDPR).

Your failure to provide the requested data would, therefore, result in the respective data controller being forced to refuse to (further) perform the official transaction.

We process and store your personal data within the scope of the applicable statutory retention obligations.  According to Section 5(4) of the Service Regulations for Notaries (DONot), the following retention periods apply to the retention of notarial documents:

  • Roll of deeds, list of inheritance contracts, list of names to the roll of deeds and collection of deeds including inheritance contracts kept separately (Section 18(4) DONot): 100 years,
  • Custody book, estate account, list of names to the estate account, list of escrow accounts, general files: 30 years,
  • Ancillary files: seven years; the Notary may determine a longer retention period in writing no later than the last time the content is processed, e.g. in the case of dispositions on account of death or in the event of recourse; the determination may also be made generally for individual types of legal transactions, e.g. for dispositions on account of death.

After expiry of the storage period, your data will be deleted or the paper documents will be destroyed, unless the respective data controller is required to store the data for a longer period of time pursuant to Article 6(1)(c) GDPR on the basis of tax and commercial law retention and documentation requirements (under the German Commercial Code, the German Penal  Code, the Money Laundering Act, or the German Tax Code) or professional regulations for the purpose of conflict checks.

IV. Transferring Data

Within SCHIEDERMAIR Rechtsanwälte, access to your data is granted to those offices and persons who need it to fulfill our contractual and legal obligations.  Each attorney is subject to a legal duty of confidentiality. This duty of confidentiality applies also to all of our employees and other persons engaged by us.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only transfer your personal data to third parties if:

  • You have given your express consent in accordance with Article 6(1)(a) GDPR;
  • This is legally permissible and required pursuant to Article 6(1)(b) GDPR to process contractual relationships with you;
  • If a legal obligation to disclose exists pursuant to Article 6(1)(c) GDPR; or
  • The disclosure is, pursuant to Article 6(1)(f) GDPR, necessary to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest in not having your personal data be disclosed.

Under these conditions, data is transferred in particular to courts, agencies, and banks.

Under the above conditions, data may also be transferred to recipients in third countries, but only within the scope of a client relationship and/or client processing or if, and insofar, a party to a deed is domiciled in a third country.

We also occasionally use service providers who we have engaged to process personal data in accordance with our instructions within the framework of a contract processing agreement.  They have also all signed an agreement regarding professional confidentiality in accordance with Section 203 of the German Penal Code (StGB).

V. Your Rights

You have the right:

  • To request information on whether the data controllers are processing personal data about you and, if so, for what purposes we are processing the data and what categories of personal data we are processing, to whom the data has been disclosed, if applicable, how long the data is to be stored and what rights you have;
  • To have inaccurate personal data relating to you that is stored by us be rectified;
  • To request the erasure of personal data concerning you, provided there is a statutory reason for such deletion (cf. Article 17 GDPR) and the processing of your data is not required to comply with a legal obligation or for other overriding reasons within the meaning of the GDPR;
  • To demand that we process your data only on a restricted basis, e.g. to assert legal claims or for reasons of an important public interest, while we are, for example, examining your claim for correction or objection, or if we reject your claim for erasure (cf. Article 18 GDPR);
  • To contact supervisory authorities regarding a data protection complaint.  As a rule, you may contact for this purpose the data protection supervisory authority of your habitual place of residence, place of work, or the seat of our law firm /notary office.  The complaint may be lodged with any supervisory authority, regardless of the jurisdiction.

Right to Withdraw Consent

In accordance with Article 7(3) GDPR, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing performed on the basis of the consent until the withdrawal. Please address your withdrawal to kanzlei@schiedermair.com or by mail to the address of the data controller given above.

Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds therefor that arise from your particular situation or the objection is regarding direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right to object, you may send an email to kanzlei@schiedermair.com.

V. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are being improved upon continuously in accordance with technological developments.

Status: January, 2022

Information on Data Processing by SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH

 

With this data protection privacy, we are informing you regarding the processing of your personal data in accordance with our information obligations under the General Data Protection Regulation (GDPR) about the details of the processing of your personal data when you use or intend to use the services of SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH (SCHIEDERMAIR Consulting Company for Data Privacy mbH).  The data protection policy is directed to all persons with whom we have a client relationship or other business or communication relationship or with whom we potentially have such a relationship.

We reserve the right to revise this data privacy policy from time to time so that it is in compliance with current legal requirements and in accordance with actual processing operations when we provide our services.  The data privacy policy as provided on the website applies in each case.

I. Name and Contact Information of the Data Controller

SCHIEDERMAIR RECHTSANWÄLTE Beratungsgesellschaft mbH
Eschersheimer Landstrasse 60
60322 Frankfurt am Main
GERMANY
Email: info@schiedermair-datenschutz.com
Phone: +49 69 95508-400
Fax: +49 69 95508-401

II. Processing of your Personal Data in the Context of a Data Protection Engagement

We process personal data that we receive from you as the result of a potential or on-going business relationship, e.g., contact person for the data controller or within the context of an engagement in a data privacy matter regarding you, for example as a data subject within the meaning of the GDPR as well as from sources that are involved within the context of a data privacy engagement e.g. contact persons of data privacy supervisory authorities.  This includes, in particular, the following data:

  • Personal data, e.g. first and last name, date and place of birth, nationality, marital status, position at company or agency;
  • Contact data, e.g. postal address, telephone and fax numbers, email address;
  • In certain cases data on your professional and/or family situation and, if applicable, information regarding your health, e.g. disability, personal financial information, or other sensitive data;
  • In certain cases, also data on your legal relationships with third parties such as account or loan numbers at credit institutions.

Within the scope of a potential business relationship or an actual business relationship between you and us, you need to provide only those personal data that are necessary to initiate, perform, or terminate the data privacy officer relationship or such personal data that we are legally required to collect.  Without this data, we will typically be forced to reject the appointment as an external data privacy officer.

The legal basis for data processing for a potential or actual business relationship is Article 6(1)(b) GDPR.  The legal basis, within the context of an on-going data privacy officer appointment, is Article 6(1)(f) GDPR to the extent data processing is necessary to make, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest in not having your personal data to be processed.

The purpose of processing data is to establish and perform our services as an external data privacy officer as well as the corresponding communication with the data controller and third parties, e.g., service providers, data subjects, data privacy supervisory authorities, courts.  The data processing is also for the purpose of performing internal bookkeeping of SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH.

Data collected in the course of a data privacy officer appointment are stored for as long as this is necessary to perform the engagement.  In addition, we archive data to meet statutory retention periods, e.g., in accordance with the German Commercial Code (HGB) or the German Tax Code.  These periods are usually for six or ten years.

III. Transferring Data

Access to your data is granted within SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH to those offices and persons who need it to fulfill our contractual and legal obligations.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

  • You have given your express consent in accordance with Article 6(1)(a) GDPR;
  • This is legally permissible and required pursuant to Article 6(1)(b) GDPR to process contractual relationships with you;
  • If a legal obligation to disclose exists pursuant to Article 6(1)(c) GDPR; or
  • The disclosure is, pursuant to Article 6(1)(f) GDPR, necessary to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding interest in not having your personal data be disclosed.

Under these conditions, data is transferred in particular to courts, agencies, and banks.

Under the above conditions, data may also be transferred to recipients in third countries, but only within the scope of the business relationship with you.

IV. Your Rights

You have the right:

  • To request information on whether the data controllers are processing personal data about you and, if so, for what purposes we are processing the data and what categories of personal data we are processing, to whom the data has been disclosed, if applicable, how long the data is to be stored and what rights you have;
  • To have inaccurate personal data relating to you that is stored by us be rectified;
  • To request the erasure of personal data concerning you, provided there is a statutory reason for such deletion (cf. Article 17 GDPR) and the processing of your data is not required to comply with a legal obligation or for other overriding reasons within the meaning of the GDPR;
  • To demand that we process your data only on a restricted basis, e.g. to assert legal claims or for reasons of an important public interest, while we are, for example, examining your claim for correction or objection, or if we reject your claim for erasure (cf. Article 18 GDPR);
  • To contact supervisory authorities regarding a data protection complaint.  As a rule, you may contact for this purpose the data protection supervisory authority of your habitual place of residence, place of work, or the seat of our place of business.  The complaint may be lodged with any supervisory authority, regardless of the jurisdiction.

Right to Withdraw Consent

In accordance with Article 7(3) GDPR, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing performed on the basis of the consent until the withdrawal. Please address your withdrawal to info@schiedermair-datenschutz.com or by mail to the address of the responsible party given above.

Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds therefor that arise from your particular situation or the objection is regarding direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right to object, you may send an email to info@schiedermair-datenschutz.com.

V. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are being improved upon continuously in accordance with technological developments.

Status: January, 2022