General Privacy Notice
General information on the processing of personal data by Hengeler Mueller
The purpose of this notice is to inform you about the processing of your personal data by Hengeler Mueller Partnerschaft von Rechtsanwälten mbB ("Hengeler Mueller" or the "law firm"). This information notice is intended for any natural person (in particular, representatives, contact persons or employees of our clients or other business partners as well as guests whom we have the pleasure of welcoming at our events) with whom we have (or will imminently have) an attorney-client relationship, or a contract, service or business relationship or any other relationship of communication.
We take the confidentiality and the protection of your personal data very seriously. Therefore, we process your personal data only to the extent permissible under statutory provisions, in particular, under the EU General Data Protection Regulation ("GDPR") and the German Federal Data Protection Act (Bundesdatenschutzgesetz).
If you have any questions about this information notice or our policies regarding the processing of your personal data, you can always address any of the contact details below.
I. Responsibilities and contact details
The data controller, i.e., the person responsible for processing your personal data is:
Partnerschaft von Rechtsanwälten mbB
You can find a list of all offices here.
If you instructed one of our lawyers based in Berlin or Frankfurt in his/her capacity as notary, the data controller is the respective notary. You can find a list of our lawyers who are registered as notaries here.
Our data protection officer who has been appointed for our lawyers and notaries is available by email at: firstname.lastname@example.org
or by mail to:
Partnerschaft von Rechtsanwälten mbB
Datenschutzbeauftragte (Data Protection Officer)
Benrather Strasse 18-20
Telephone: +49 211 8304 405
II. Processing of your personal data
Subject matter of our data processing are your contact details as well as, if applicable, other personal data required for the provision of our services or our communication with you (e.g. information that (i) is typically found in legal documents (contracts, legal briefs, etc.) and/or public registers, e.g. land register, commercial register and register of associations, (ii) was the content of our correspondence with you, or (iii) relates to your legal relationships with your employer or third parties, such as HR data, file or case numbers, or loan reference numbers or the account numbers kept with credit institutions.
If you have not provided us with your personal data yourself, we either received such data from our clients, business partners, service providers or cooperation partners for which you act as representative or employee, as the case may be, or via which you are being invited to our events, or we collected the data from publicly available sources, including, without limitation, company websites, event lists of participants or industry directories.
We process your personal data to the extent that this is necessary for the purposes of the legitimate interests pursued by Hengeler Mueller (Art. 6 (1) lit. f GDPR), in particular,
- in order to enter into or execute engagement letters, instructions of our notaries, contracts and other business relationships (including the processing of purchase orders, deliveries or payments) or in order to prepare or reply to quotation requests and to determine the conditions of the contractual relationship, namely with our clients, business partners, service providers or cooperation partners for whom you act as representative or employee, as the case may be;
- for internal administrative purposes of the law firm (e.g., for accounting purposes, Knowledge Management);
- in order to conduct anti-terrorism and sanctions lists screenings, if applicable;
- in order to conduct court and administrative proceedings and/or for purposes of asserting/exercising, as well as defending against, legal claims in Germany and abroad, and to also, inter alia, exercise legal professional privilege as well as to ensure other special rights of confidentiality;
- in order to provide you – to the extent relevant for your business activity – with our client information, such as newsletters informing about current legal topics or events organized by our law firm;
- for any other communication purposes;
- in order to ensure IT security and IT operations at our law firm;
- in order to engage service providers (e.g., external IT service providers) who support our business processes;
- in order to prevent criminal offences and conduct compliance investigations in individual cases and the associated (also electronic) review of correspondence and documentation;
- in order to plan and conduct events to which you are invited, as well as to also report on these events on our intranet site, which can entail the publication of photo and video material (in which you can be identified) on our intranet site.
Moreover, personal data is processed in order to perform contracts entered into or to fulfil orders placed by individuals (natural persons) with whom we have business relationships (Art. 6 (1) lit. b GDPR).
If you choose not to provide us with your personal data, we are unable to perform the contractual relationship and/or cannot fulfil the above stated communication purposes.
In addition, we are in part required by law to process personal data (Art. 6 (1) lit. c) GDPR). For example, pursuant to the provisions of the German Anti-Money Laundering Act (Geldwäschegesetz, "GWG"), we are obliged to identify our clients and, hence, need you to provide us with the necessary information (Sec. 11 (6) sentence 1 GWG). According to Sec. 50 of the German Federal Lawyers' Act (Bundesrechtsanwaltsordnung), we are obliged under professional law (Berufsrecht) to keep and manage attorneys' reference files; to this purpose, we may use electronic data processing.
Data are processed in connection with the services provided by our notaries on the basis of Art. 6 (1) lit. e) GDPR to extent that the data processing is necessary to fulfil the tasks that have been entrusted to our notaries in the public interest.
III. Confidentiality and erasure of your personal data
Each of our employees as well as all staff members of third-party service providers who have access to personal data are obliged to treat such data confidentially.
We will delete your personal data after termination of our attorney-client, contract or service relationship or our contact if the storage is not necessary for the fulfilment of our (post) contractual obligations or the legitimate interests cited in this data protection notice anymore and if there are no statutory retention obligations. If there are statutory retention obligations we will restrict the processing of the data.
IV. Disclosure of your personal data
We will transmit your personal data only on the basis of (and in accordance with) the statutory provisions or if and to the extent that you have consented to such transmission in the individual case.
To the extent required for the purposes outlined under II. above, your personal data may be disclosed to service providers within and outside the European Economic Area (EEA) who perform specific services for us such as, for example, IT services (processors). We will commit the service providers to secrecy; the service providers will process personal data only in accordance with our instruction.
In the course of our law firm's usual work processes and for the purposes specified under II. above, it is possible that we disclose your data to third parties within and outside the EEA, for example to our business partners or to law firms with whom we work together on a client matter, to translators, opponents or to other third parties.
In addition, we can – to the extent legally permissible – disclose your data to authorities (such as social security institutions, tax authorities or law enforcement agencies), public registers and domestic and foreign courts in order to comply with statutory duties or in order to act in the interests of our law firm. This may include foreign authorities and courts.
Countries located outside the EEA may not have data protection laws and regulations comparable to the ones applicable in the EU. To the extent that no statutory level of security comparable to the European data protection laws exists in such countries, we will adopt appropriate measures to ensure that your personal data will be adequately protected in these countries. In particular, we may apply the standard contractual clauses published by the European Commission. You may contact our data protection officer for further information, and, in particular, request inspection of the contracts concluded.
V. Your rights
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to receive information about your personal data, to require rectification or erasure of your personal data or the restriction of the processing and to receive your personal data in a structured, commonly used and machine-readable format (data portability).
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you also have the right to object to the processing of your personal data.
To the extent that we process your personal data in order to inform you about our advisory services and current developments to the extent this is relevant for your business activity, you can object to a processing of your personal data at any given time and without stating any reasons.
Further, you are entitled to lodge a complaint with a supervisory authority regarding the processing of your personal data.
VI. Changes to this information
This notice is the version of June 2019 and is currently applicable.
In the event our activities and/or our services change or as a result of amended statutory and/or administrative provisions, it may become necessary to amend this notice. The most recent and applicable version of this notice can be accessed, saved and printed at any time via our website.