(Last updated October 21, 2020)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
Heuking Kühn Lüer Wojtek PartGmbB
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
D-40474 Düsseldorf, Germany
We process personal data in accordance with the stipulations of the General Data Protection Regula-tion (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), and other applicable data protection provisions (details are provided below). The details on which data are processed and how they are used largely depend on the services requested or agreed in each case. If you retain our law firm, we will collect the following information in particular:
Further details or additions to the purposes of data processing can be found in the respective contract documents, in forms, in a declaration of consent and/or other information provided to you (e.g., in the context of the use of our website or in our terms and conditions).
This Data Protection Information may be updated from time to time and is available on our website https://www.heuking.de/en/data-protection-provisions.html.
The processing of personal data is performed at your request for the performance of our contracts with you and for the performance of your orders, as well as for the performance of measures and activities within the scope of precontractual relationships, e.g., with interested parties. The collection of these data is performed mainly
Your personal data may also be processed for certain purposes (e.g., use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) includ-ing as a result of your consent. As a rule, you may revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e., prior to May 25, 2018. You will be informed sepa-rately about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally, revocation of consent only applies to the future. Processing carried out prior to consent be-ing issued is not affected and remains lawful.
Beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g., credit agencies, publishers of address databases, journalist databases). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process these data in accordance with statutory provisions.
Relevant personal data categories may be, in particular:
Your personal data will only be transferred to third parties if
We will moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data have been sent to them.
Attorney-client privilege will remain unaffected. With regard to data that are subject to attorney-client privilege, the information will only be passed on with your agreement.
Within our firm, the internal departments and organizational units who need your data in order to fulfill our contractual and legal obligations, or within the framework of processing and implementation of our justified interest, will receive your data.
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (precontractual legal relationship) and the execution of a contract.
The personal data that we record for the clients will be stored until the end of the legal storage period for lawyers (6 years after the end of the calendar year in which you ceased being a client) and erased, unless we are obligated to store the data for longer in accordance with Art. 6(1)(c) GDPR as a result of storage and documentation obligations under tax and commercial law (under the German Commercial Code, Penal Code, or Tax Code), or if you have given your consent to longer storage in accordance with Art. 6(1)(a) GDPR.
Furthermore, special statutory provisions may require longer retention such as the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under Sections 195 et seq. German Civil Code (BGB), the regular time-barring period is three years, but time-barring periods of up to 30 years may also be applicable.
If the data are no longer required to meet contractual or statutory obligations and rights, data will be routinely erased unless its further processing - for a limited period - is necessary to fulfil the purposes listed under item no. 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to erase the data as a result of the particular type of storage, if such is only possible at a disproportionately great expense, and processing for other purposes is excluded by appropriate technical and organizational measures.
Data are transmitted to offices in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., if you are posted to another country), if such is required by law (e.g., notification obligations under tax law), if such is in the legitimate interest of us or a third party, or you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guarantied in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information on request.
You can request information on the suitable or appropriate guarantees and on the possibility of receiving a copy of these from the company data protection officer or the human resources department responsible for you.
If certain conditions are met, you can assert the following data protection rights against us:
7.1 Under Art. 7(3) GDPR, you may revoke the consent that you have issued to us at any time. The result of this is that we may no longer perform the data processing covered by this consent in future.
7.2 Under Art. 15 GDPR, you have the right to obtain information on your personal data processed by us (where applicable, with limitations in accordance with Section 34 Federal Data Protection Act).
7.3 Upon request, we will rectify or complete data stored on you in accordance with Art. 16 GDPR if such data are inaccurate or incorrect.
7.4 Upon your request, we will erase your data in accordance with the principles of Art. 17 GDPR, unless we are prohibited from doing so by other statutory provisions (e.g., statutory retention obligations or the restrictions laid down in Section 35 Federal Data Protection Act) or an overriding interest on our part (for example, to defend our rights and claims).
7.5 Taking into account the preconditions laid down in Art. 18 GDPR, you may request us to restrict the processing of your data.
7.6 In accordance with the provisions of Art. 20 GDPR, you also have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to transmit such data to a third party.
7.7 Furthermore, you may file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we are obliged to stop processing your data. This right of objection only applies, however, if very special circumstances characterize your personal situation, whereby the rights of our firm may stand in the way of your right of objection.
7.8 You also have the right to revoke consent, issued to us to process personal data, at any time with effect for the future.
7.9 In addition, you have the right to complain to a data protection supervisory authority (Art. 77 GDPR). We recommend, however, that complaints should always initially be sent to our Data Protection Officer.
Your applications regarding the exercising of your rights should, if possible, be addressed in writing to the abovementioned address or directly to our Data Protection Officer.
You only need to provide data that are necessary for the commencement and performance of the business relationship, for a precontractual relationship with us, or if we are obliged to collect the data by law. Without these data, we are generally not able to conclude the agreement or continue to perform it. This may also relate to data that are required later within the framework of the contractual relationship. If we request data from you above and beyond this, you will be informed about the voluntary nature of the information separately.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We also process your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection against this at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
We will no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Herr Harald Eul
(HEC Harald Eul Consulting GmbH)
D-40474 Düsseldorf, Germany
Data Protection Information last updated: October 21, 2020
You may generally opt out of the use of the cookies used for the purposes of online marketing in the case of many services, above all with respect to tracking, via the US-based website http://www.aboutads.info/choices/ or via the EU-based website http://www.youronlinechoices.com/. In addition, the retention of cookies may be achieved by deactivating them in the browser settings. Please note that it may not be possible to use all of the functions of this website in that case.
We record data on each access of our server on which the service is located (server log files) on the basis of our justified interest in accordance with Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date, and time of the access, quantity of data transferred, reporting of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address, and the enquiring provider.
Log file information will be stored for security reasons (e.g., to clarify misuse or fraud actions) for a maximum period of seven days and then deleted. Data that has to be stored for the purposes of evidence are excluded from deletion until the final clarification of the occurrence in question.
We maintain an online presence within social networks and platforms in order to communicate with the clients, interested parties, and users who are active there and to be able to inform them there about our services. When accessing the relevant networks and platforms, the terms and conditions of business and the data processing guidelines of their operators apply.
If you have given us your voluntary consent, which you may withdraw at any time, we use Google Analytics (https://marketingplatform.google.com/about/analytics/), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland (“Google”), including its U.S. parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on this website to analyze and regularly improve the use of this website. The statistics allow us to improve our offering and to make it more interesting for you as a user. In exceptional cases, personal data may be transferred to the U.S.A. and may be stored there. In general, the U.S.A. has a level of data protection which, in the opinion of the CJEU, does not fully reach the level of data protection existing in the EU. No adequacy decision by the European Commission or appropriate safeguards are available. In particular, there is a risk or it cannot be ruled out that, within the scope of the laws applicable there, state authorities - with only limited legal protection - may also gain access to such data. A data protection agreement exists with Google LLC, which includes the EU Standard Contractual Clauses. Additional information from Google is available at https://privacy.google.com/businesses/compliance/ - !/%23gdpr.
Legal basis for the use of Google Analytics is the consent in accordance with Article 6(1)(a) GDPR.
Google Analytics uses “cookies”, which are text files that are placed on your computer, to analyze how users use the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the U.S.A. and is stored there.
By activating IP anonymization on this website, your IP address will be abbreviated by Google within European Union Member States or in other signatory states of the Agreement on the European Economic Area prior to transfer. Only in exceptional cases will the full IP address be transferred to a Google server in the U.S.A. and will be abbreviated there. Google’s data center locations can be found at: https://www.google.com/about/datacenters/locations/index.html. On behalf of the operator of this website, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet use. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data unless you have granted permission to do so in your Google account.
You may revoke the consent given to us at any time with effect for the future by preventing the storage of cookies by way of an appropriate setting in your browser software. We would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent.
Additionally, you may revoke your consent given to us at any time with effect for the future as follows: To revoke any consent given to us at any time or to individually adjust your cookie settings (including selecting & deselecting cookies), please click on the “Cookie declaration” link in our website’s “Data Protection” section and make the relevant selections.
You also have the option of preventing the collection of data generated by the cookie and related to your use of the website (including the abbreviated IP address) and the processing of this data by Google by downloading and installing a browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
The personal or pseudonymous data will be deleted or anonymized after 14 months.
We use the marketing and remarketing services (abbreviated to “Google Marketing Services”) of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, (“Google”) on the basis of our justified interests (i.e., interest in the analysis, optimization, and economic operation of our online content as defined under Art. 6(1)(f) GDPR).
In general, the U.S.A. has a level of data protection which, in the opinion of the CJEU, does not fully reach the level of data protection existing in the EU. No adequacy decision by the European Commission or appropriate safeguards are available. In particular, there is a risk or it cannot be ruled out that, within the scope of the laws applicable there, state authorities - with only limited legal protection - may also gain access to such data. A data protection agreement exists with Google LLC, which includes the EU Standard Contractual Clauses. Additional information from Google is available at https://privacy.google.com/businesses/compliance/ - !/%23gdpr.
Google Marketing Services allow us to show advertisements for and on websites in a more targeted way in order only to present users with advertisements that may be of interest to. If users, for example, are shown advertisements for products that they have shown an interest in on other websites, this is known as “remarketing.” For these purposes, when our website and other websites on which Google Marketing Services are active are accessed, a code is executed by Google and (re)marketing tags (invisible graphics or codes, which are also known as "web beacons") are incorporated into the website. These are used to save an individual cookie on the user’s device, i.e., a small file (comparable technologies can also be used instead of cookies). The cookies can be created by various different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which websites users look at, what content they show an interest in, and which offerings they click on. The file also contains technical information about the browser and operating system, referring websites, duration of the visit, as well as other information about the use of the online content. The IP addresses of users are also recorded, although we state within Google Analytics that the IP addresses within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and only sent in full to Google server in the USA and abbreviated there. The IP address is not combined with the users’ data within other offers from Google. Google an also combine the aforementioned information with information from other sources. If users then visit other websites, they can be shown advertisements tailored to their interests.
The users’ data is processed in a pseudonymous manner within Google Marketing Services. This means that Google does not process the name or email addresses of the users, but rather processes the relevant data based on cookies within pseudonymized user profiles. This means that from the point of view of Google, the information is not managed and viewed for a concrete, identified person, but rather for the cookie owner, irrespective of who this cookie owner is. This does not apply if a user has expressly given Google permission to process the data without this pseudonymization. The information collected by Google Marketing Services about the users is transmitted to Google and stored on Google’s servers in the USA.
In addition, we may use the "Google Tag Manager" in order to incorporate the Google analysis and marketing services into our website and to manage them.
If you want to opt-out of interest-based advertising by Google Marketing Services, you can make use of the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.
On the basis of our legitimate interests (i.e. interests in the optimization of the performance, to secure this website and to optimize loading times and security of our online offer and recognition of the language settings of the user within the meaning of Article 6 Para. 1 letter F GDPR), we use the Cloudflare CDN service from Cloudflare, Inc. ("Cloudflare"). In this connection, personal data may be transmitted to Cloudflare by the browser you are using, but this data will be deleted once the purpose has been achieved.
You can find further information about data use by Cloudflare, setting and objection options on Cloudflare's website: https://www.cloudflare.com/privacypolicy/
In the following, we inform you about content of our newsletters, as well as the processes for registration, distribution, and statistical evaluation, as well as your right to opt out. By subscribing to our newsletter, you state that you agree to receive it and to the processes described.
Content of the newsletters: we send newsletters, emails, and other electronic notifications with promotional information (hereinafter: “Newsletter”) only with the consent of the recipient or legal permission. If the content of a registration to receive a newsletter is outlined in concrete terms within the registration, that content will be decisive with regard to the consent of the user. In addition, our newsletters contain information about our events, offers, campaigns, and our company.
Double opt-in and logging: registering to receive our newsletter takes place in a “double opt-in procedure,” i.e., after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. A log is kept of registrations for the Newsletter in order to be able to prove that the registration process took place in accordance with the legal requirements. This includes the saving of the time of registration and confirmation, as well as the IP address. A record will be kept of changes in your data that is stored by the distribution provider.
In addition, the distribution provider may use these data in a pseudonymized form based on its own information, i.e., without allocation to a user, in order to optimize or improve its own services, e.g., for technical optimization of the distribution and the presentation of the newsletter or for statistical purposes in order to determine which country the recipients come from. The distribution provider will not, however, use the data of our newsletter recipients to write to them itself, nor will it pass on the data to third parties.
Registration data: to register for the Newsletter, it is sufficient to enter your email address. As an option, please enter a name so that we can address you personally in the Newsletter.
Performance measurement: the newsletters contain a “web beacon,” i.e., a pixel-sized file that is accessed by the server of the distribution provider when the Newsletter is opened. During this access, initially technical information, such as information about the browser and your system, as well as your IP address and the time of access. This information will be used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on the locations of access (which can be determined with the aid of the IP address) or the access times. The statistical records will also include the determination of whether the Newsletters are opened, when they are opened, and what links are clicked on. For technical reasons, it is possible to allocate this information to the individual Newsletter recipients. It is, however, not our aim, or that of the Distribution Provider, to observe individual users. Rather, the analysis serves the purpose of recognizing the reading habits of our users and adjusting our content to suit them or to send different information in line with the interests of our users.
Germany: The distribution of the Newsletter and performance measurement take place on the basis of consent from the recipient in accordance with Art. 6 6(1)(a), Art. 7 in conjunction with Section 7(2)(3) German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7(3) Act Against Unfair Competition.
The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6(1)(f) GDPR and serves as proof of consent for receipt of the newsletter.
Termination/cancellation: you can terminate your agreement to receipt of our newsletter at any time, i.e., revoke your consent. You will find a link for cancellation option of the newsletter at the end of each newsletter. If the user has only registered for the newsletter, his/her personal information will be erased.
On the basis of our justified interest (i.e., an interest in the analysis, optimization, and economic operation of our website in accordance with Art. 6(1)(f) GDPR), within our website we offer content and services from third party providers in order to incorporate their content and services, such as videos and fonts (hereinafter referred to collectively as “Content”). The prerequisite for this is that the third-party providers of this Content have to use the IP address of the user because without the IP address, they cannot send the Content to the browser. The IP address is therefore necessary for the provision of this Content. We make every effort only to use Content if the providers only use the IP address for the provision of the Content. Third party suppliers can also use “pixel tags” (invisible graphics also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information on the user traffic to the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and among other things includes technical information about the browser and operating system, referring websites, visit times, and also other information on the use of our online content. This information can also be connected with information of this kind from other sources.
The following description offers an overview of third-party providers, as well as their content, and also links to their Privacy Policies, which contain further details on the processing of data and opt-out options, some of which have already been mentioned:
For this purpose, we use the "extended data protection mode" for the integration of the YouTube videos, through which a cookie is only stored on the user's computer when the respective YouTube video is played. YouTube states that no personal cookie information is stored when embedded videos are played in extended privacy mode. Further information on data processing and notes on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/. If you want to ensure that YouTube does not receive any data from you, please do not click on the embedded YouTube videos.
Data Protection Information last updated: October 21, 2020