Privacy Notice

The legal basis for processing your data when surfing our website regularly depends on the purpose of your visit. Insofar as you wish to inform yourself about our offers on our website and, if applicable, contact us for an assignment, the legal basis is Art. 6 para. 1 lit. b) GDPR (initiation of a contract). For general information purposes in other respects, the legal basis is our legitimate interest in operating a website for general information and communication purposes and for presenting our law firm, and your legitimate interest in viewing it (Art. 6 para. 1 f) GDPR). The processing of log files is based on our legitimate interests according to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to protect our facilities and systems from attacks and, if necessary, to take legal action against attackers, as well as to further develop our websites for economic purposes.

Our IT department has access to log files and will share them with our internal and external recipients, including the appropriate authorities, as necessary to exercise our legal rights regarding unauthorized intrusions into our website.

Our website is operated via servers of the company „NetBuild GmbH“, Alfred-Nobel-Allee 38, 66793 Saarwellingen, which acts as a service provider for hosting services on our account (Art. 28 GDPR).

We do not transfer your personal data to any third country or international organisation in connection with your visit to our website.

The log files are stored for 14 days. All other data is deleted immediately after the HTTP/S call has been executed.

Without the processing of the aforementioned personal data, you will not be able to view or visit our website.

Visits to our social media sites, user statistics

When you visit our social media sites – regardless of whether you are logged in – the respective social media provider collects personal user data (usage data), some of which is shared with us in the form of user statistics. However, we do not have full access to collected data or your profile data.

For example, the following information may be provided to us anonymously:

• Followers/fans etc.: Development of the number of people who follow Seitz.
• Reach: e.g. number of people who see a specific post.
• Ad performance (if relevant): How many people have seen an ad?
• Demographics: average age of visitors, gender, place of residence, language.

However, we cannot draw any conclusions about individual users from the usage data. Statistics are only used to improve the online offer on our social media sites and to better respond to user interests.

Interaction

If you interact with us via the social media presences, e.g. by sending us an application or other message or commenting on posts, the corresponding content of the interaction will be processed by Seitz. In addition, Seitz may be able to see the public information of your profile, which you can manage yourself.

The legal basis for the above-mentioned processing by Seitz in connection with job applications is generally Section 26 para.1 sentence 1 of the German Data Protection Act – BDSG (necessity for the decision on the establishment of an employment relationship).

Apart from that, Art. 6 para. 1 lit. f) GDPR (our legitimate interest to conduct business correspondence or e.g. to answer inquiries about us as an employer) is the legal basis for the processing.

Your data will only be used or forwarded by us internally by the respective responsible persons. For information on who is involved in the processing of data at the respective social media provider, please refer to the privacy policy of the respective social media network.

We do not transfer your personal data to any third country or international organization in connection with our social media presences.

It is possible that an operator of social media platforms connects to servers in third countries (e.g. USA) as part of its services and transmits your personal data there. You will find information on this in the privacy policy of the respective social media provider.

As a matter of principle, we do not store any personal data on the servers we use in connection with our social media sites, except in the cases mentioned below in which we process your information internally (direct communication, e.g. applications). In these cases, the explanations given in section 7 apply to job applications, and the explanations given in section 8 apply to other communication.

We also regularly have access to the data stored by the respective social media platform. For more information on the storage of your personal data by the operator of the social media platform itself, please refer to the privacy policy of the respective social media provider.

You are not obliged to provide your personal data. However, without processing your personal data, the use of our social media presences is not possible or only possible to a limited extent.

Depending on the circumstances of the case, personal data of different data subjects may be processed, including data of:

• Clients and their respective mandate holders, representatives, and employees
• Counterparties or contractual partners of our clients and their respective mandate holders, representatives, and employees
• Other advisors, consultants and freelancers dealing with the mandate, as well as their respective mandate holders, representatives, and employees
• Our partners and employees
• Third parties such as court personnel, witnesses and other natural persons involved in the mandate.

Depending on the nature of the mandate and the information provided to us or obtained in the course of the mandate, Mandate Data may include different types of personal data. The types of personal data we normally process in relation to a mandate include client contact details and communications data.

Depending on the mandate, we also process „special categories of personal data“ within the meaning of Article 9 para. 1 of the GDPR (e.g. health data) and personal data relating to criminal convictions and offences or related security measures within the meaning of Article 10 of the GDPR. Of course, we limit the processing of personal data and in particular sensitive personal data to the minimum necessary.

• The basis for the processing of client data by us is usually our legitimate interests in providing our (Advisory) services to our clients (Art. 6 para. 1 lit. f) GDPR). This processing is also necessary to protect the legitimate interest of our clients in receiving advisory services and, if applicable, representation by us.
• We also have a legitimate interest in processing client data in order to fulfil certain obligations in connection with the operation of our firm, such as maintaining our client relationships and record keeping and invoicing and for tax purposes (Art. 6 para. 1 lit. c) GDPR).
• We also process client data to comply with our legal obligations under applicable laws.

We process special categories of personal data where necessary:

• for the assertion, perception, or defence of legal claims,
• on the basis of your consent,
• in the context of labour law and social security law,
• in the context of personal data published by the data subject

and/or for reasons of public interest in connection with a statutory provision.

In connection with a mandate, our clients normally provide us with personal data which we need to process the mandate in our capacity as legal advisors.

However, we may obtain certain personal information from other sources, such as public records and databases, judicial and public records, and our communications with third parties and other counsel involved in the matter.

In the course of our work on a mandate, we share certain personal data where necessary and subject to appropriate conditions of confidentiality and data protection:

• if necessary, on a case-by-case basis, with other freelance consultants, including those working with us on a mandate
• with other parties who supply goods or provide services to us for the purpose of supporting our work on a mandate (e.g. providers of legal technology) or in connection with the administration of Seitz’s activities in the normal course of the firm’s business; and/or
• with our freelance consultants and insurers if the provision of their services is necessary for us.

Where applicable, we share business development data within our seitz.global network and with certain third parties who assist us in managing our activities in the regular course of our partnership. Appropriate safeguards for the transfer of personal data are provided through standard contractual clauses. This processing is based on your consent or that the transfer complies with data protection law for other reasons. In addition, we at Seitz have established binding data protection and information security policies that govern all of our internal data processing operations.

We only retain personal data for as long as there is a legitimate reason or other legal ground for doing so, and we will review these legal grounds regularly. We regularly review the existence of a reason for retention. If there is no longer a legal reason to retain the data, we will securely delete or in some cases anonymise personal data.

If you do not provide us with your personal data, we will not be able to carry out the contractual relationship or fulfil the above-mentioned communication purposes.

The processing is based on our legitimate interest to pursue business development interests or, if applicable, to carry out pre-contractual measures that take place at the request of the data subject (Art. 6 para. 1 lit. f), Art. 6 para 1 lit. b) GDPR).

On a case-by-case basis, we share certain business development data with our business partners (e.g., cooperating law firms in our seitz.global network) and certain other parties who assist us in our business development activities in the normal course of law firm operations (e.g., marketing service providers).

Where applicable, we share business development data within our seitz.global network and with certain third parties who assist us in managing our activities in the regular course of our partnership. Appropriate safeguards for the transfer of personal data are provided through standard contractual clauses. This processing is based on your consent or that the transfer complies with data protection law for other reasons. In addition, we at Seitz have established binding data protection and information security policies that govern all of our internal data processing operations.

We retain personal data for as long as there is a legitimate reason or other legal ground for doing so. We regularly review the existence of a reason for retention. If there is no longer a legal reason to retain the data, we will securely delete or in some cases anonymise personal data.

If we collect business performance data directly from you, you have full discretion over how and what you disclose to us. There are no negative consequences for you if you do not provide us with business development data.

Generally, we receive all applicant data directly from you.

When we conduct pre-employment checks, we also receive data from third parties (e.g. previous employers or other references).

In general, the processing is based on the fact that we carry out pre-contractual measures upon your request as a data subject or fulfil a contract concluded with you (Art. 6 para. 1 lit. b) GDPR). Furthermore, the processing is based on relevant national regulations on data protection in the employment context (in particular Section 26 German Data Protection Act – BDSG).

Some applicant data is processed to ensure compliance with certain obligations under laws or regulations.

If we need to process special categories of personal data, we will ask for your consent where necessary.

We only pass on your data within our firm to the department responsible for your application. In addition, we will only pass on your personal data to other recipients if there is a legal obligation of notification, for example towards the authorities.

We retain personal data for as long as there is a legitimate reason or other legal basis for doing so. We regularly review the existence of a legal basis for retention. If there is no longer a legal basis for retaining the data, we will securely delete or in some cases anonymise personal data.

Your application data will be stored for the duration of the review of your application. If your application is unsuccessful or if you withdraw your application, your application data will be deleted unless longer retention is permitted or required by another legal basis (e.g. to exercise our legal rights or to comply with applicable law).

Furthermore, your personal data may be retained for evidential purposes for the period during which there is a possibility that claims may be brought against Seitz (e.g. on the basis of national anti-discrimination legislation). If your application is successful, any data provided as part of the application process may be further processed for (or in relation to) your future employment with us. For more information about the processing of your personal data in connection with your employment, you will be able to access the internal privacy statement available to our staff on the intranet.

If you do not provide us with the aforementioned personal data, this will not have any negative consequences for you. However, incomplete or inaccurately completed applications cannot be considered. Unfortunately, without providing your personal data, the application cannot be submitted and will therefore be deleted.

The processing of your data in the context of communication via the contact form or by e-mail is based on Art. 6 para. 1 lit. b) GDPR, insofar as the exchange is related to the initiation or performance of a contract with you. Otherwise, the legal basis depends on the specific purpose of the exchange. In most cases, Art. 6 para. 1 lit. f) GDPR (our legitimate interest in conducting business correspondence or communicating with customers or, for example, answering inquiries about data protection) will be relevant.

We will only pass on your communication data internally to the respective department at Seitz responsible for your request.

We retain personal data for as long as there is a legitimate reason or other legal ground for doing so. We regularly review the existence of a reason for retention. If there is no longer a legal reason to retain the data, we will securely delete or in some cases anonymise your personal data.

You are not obliged to provide us with your personal data. However, we need the relevant data to contact you and respond to your request.

You have the right to be informed whether and, if so, to what extent we process your data.

Subject to certain exceptions, you have the right to obtain confirmation as to whether or not we are processing your personal data. If this is the case, you have a right of access to your data.

If the personal data we process is incomplete or inaccurate, you have the right to request that the data be completed or corrected at any time.

Subject to certain exceptions, you have the right to request the erasure of all or some of your personal data if you consider that processing should cease. However, there may well be reasons why immediate erasure is not possible (for example, where retention is required by legal or regulatory obligations).

You are entitled to request that we restrict the processing of your personal data in certain cases:

• If you dispute the accuracy of your personal data, you may request that its processing be restricted while we verify its accuracy.
• If the processing of your personal data is deemed to be unlawful but you object to erasure of your personal data.
• If we no longer need the data for the purposes of its processing but you need it for the assertion, exercise or defence of legal claims.
• If you object to our processing of your data on the basis of our legitimate interests.

If the processing is based on your consent or a contract and is automated, you have the right to request that we provide your personal data in a machine-readable format.

You have the right to object to decisions based solely on the automated processing of your personal data.

If your personal data is processed on the basis of your consent, you have the right to revoke your consent at any time. The revocation of your consent does not affect the lawfulness of the processing based on your consent until your revocation.

Refers to an independent public authority established under Article 51 GDPR.

Refers to all advisory services provided by us, including legal and tax advice services.

According to Art. 9 GDPR, this term relates to personal data that allows conclusions to be drawn about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data in the sense of a unique identification of a natural person, data relating to health or data relating to the sex life or sexual orientation of a natural person.

A cookie is a small text file consisting of letters and numbers that – if you agree – is stored on your browser or your computer’s hard drive. Cookies contain information that is transferred to your computer’s hard drive.

Refers to all applicable laws, rules and regulatory requirements relating to the processing of personal data, including, where applicable, the GDPR (and any laws, rules and regulations implementing the foregoing).

This is a country which is not a member of the European Union or the European Economic Area or which is not covered by the European Commission’s „adequacy decision“.

Stands for the EU General Data Protection Regulation (Regulation (EU) 2016/679), including national implementing laws.

Designates Seitz Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB, Aachener Str. 621, 50933 Cologne, Germany

Is a matter in respect of which we agree to provide advice or services to a client.

Has the meaning given to that term in Section 5 of this Privacy Policy (Advising Our Clients).

Is any information that relates to an identified or identifiable living person.

A collection of contractual clauses recognised and approved by the European Commission (Decision 2004/915/EC) as appropriate safeguards for transfers of personal data to a third country.

Telemedia Act of 26 February 2007 (BGBl. I p. 179) as amended.

This is the legal or natural person who alone or jointly with others determines the purposes and means of the processing of personal data.

Means anything done to or with personal data (including, without limitation, collecting, recording, holding, disclosing, transmitting, making available, using or deleting such data).