Kanzlei Forssman
Alexander Forssman
Attorney at Law
Kapellenweg 22
85625 Baiern
Germany
phone: +49.8093.9056895
fax: +49.8093.9056896
attorney (@) forssman.com
www.forssman.com
Please find below some general information on data processing (I.), the most important information about typical data processing sorted by groups of data subjects (II.) as well as an overview about your rights (III.). For certain data processing activities, which relate only to specific groups, the (additional) duties to provide information are met separately.
Where the term “data” is used in the text, in each case it refers only to personal data as defined in the European General Data Protection Regulation (GDPR) [(EU) 2016/679].
1. Which personal data do we collect?
2. How do we collect your personal data?
3. Are you required to provide personal data?
4. For which purpose will we use your personal data?
5. With whom will we share your personal data?
6. Personal data about other people which you provide to us
7. Keeping personal data about you secure
8. Updating personal data about you
9. Updates to this Privacy policy
1. Website Visitors
2. Clients and employees of clients
3. Parties Concerned and Employees of Parties Concerned
4. Service Providers, Business Partners and their Employees
5. Recipients of newsletters, persons invited and participants in events
6. Prospective Clients and Communication Partners
7. Applicants for Employment
1. Which personal data do we collect?
The personal data we collect may include:
• Contact information, such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address;
• Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers and other related billing information;
• Further business information necessarily processed in a project or client contractual relationship with us or voluntarily provided by you, such as instructions given, payments made, requests and projects;
• Information collected from publicly available resources and public registers;
• Other personal data regarding your preferences relevant to services we provide; and/or
• Details of your visits to our premises.
2. How do we collect your personal data?
We may collect personal data about you in a number of circumstances, including
• When you or your organisation seek legal advice from us or use any online client services;
• When you or your organisation browse or otherwise interact on our website;
• When you attend a seminar or event we offer; or
• When you or your organisation offer to provide or provide services to us.
In some circumstances, we collect personal data about you from a third-party source. For example, we may collect personal data from your organisation, other organisations with whom you have dealings, government agencies, a credit reporting agency, an information or service provider or from a publicly available record.
3. Are you required to provide personal data?
As a general principle, you will provide us with your personal data entirely voluntarily; there are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which we cannot take action without certain of your personal data, for example because this personal data is required to process your instructions or orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for us to provide you with what you request without the relevant personal data and we will notify you accordingly.
4. For which purpose will we use your personal data?
In general, we may use your personal data for the following purposes only:
• Providing legal advice or other services or things you may have requested, including online or legal technology services or solutions as instructed or requested by you or your organisation;
• Managing and administering your or your organisation’s business relationship with us, including processing payments, accounting, auditing, billing and collection, support services;
• Compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
• To analyse and improve our services and communications to you;
• Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
• For insurance purposes;
• For monitoring and assessing compliance with our policies and standards;
• To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
• To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
• To comply with court orders and exercises and/or defend our legal rights; and
• For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
• Communicating with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about our services, products and technologies (including client briefings, newsletters and other information) as well as our events and projects;
• Customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events; or
• Collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
5. With whom will we share your personal data?
We may share your personal data in the following circumstances:
• If you are a client of Kanzlei Forssman, or are contracted to or are an agent of a client of Kanzlei Forssman, we may disclose your personal data to:
– Barristers, other legal specialists (including mediators), consultants or experts engaged in your matter; or
– Foreign law firms for the purpose of obtaining foreign legal advice;
• If we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
• We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
• We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
• We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
6. Personal data about other people which you provide to us
If you provide personal data to us about someone else (such as one of your directors or employees, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this Privacy Policy. In particular, you must ensure the individual concerned is aware of the various matters detailed in this Privacy Policy, as those matters relate to that individual, including our identity, how to contact us, our purposes of collection, our personal data disclosure practices, the individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided (such as our inability to provide services).
7. Keeping personal data about you secure
We will take appropriate technical and organisational measures to keep your personal data confidential and secure in accordance with our internal procedures covering the storage, disclosure of and access to personal data. Personal data may be kept on our personal data technology systems, those of our contractors or in paper files.
8. Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by sending an email to attorney (@) forssman.com. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
9. Updates to this Privacy policy
This Privacy Policy was last updated in May 2018. We reserve the right to update and change this Privacy Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. In case of any such changes, we will post the changed Privacy Policy on our website or publish it otherwise. The changes will take effect as soon as they are posted.
1. Website Visitors
1.1 Our web server processes a range of data for each request, which your browser automatically transmits to our web server. This includes the IP address allocated to your device, the date and time of the request, the time zone, the specific page or file accessed, the http status code and the data quantities transmitted; in addition, the website from which your request originated, the browser used, the operating system of your device and the language used. The web server uses these data to make the contents of this website available in the best possible way on your device.
1.2 The purpose of the data processing is the online presentation of our law firm and its services as well as the interaction with communication partners. No change in these purposes is planned.
1.3 The legal basis for the processing during the use of the website is article 6(1) item f) GDPR (legitimate interest, specifically operation of a website and user interaction).
1.4 Log and communications data are not passed on to third parties. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office. We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
1.5 IP addresses are anonymised at the latest after 24 hours. Pseudonymous usage data are deleted in each case after three months at the latest. Communication content is deleted after ten calendar years.
1.6 Use of the website without disclosure of personal data such as the IP address is not possible. Communication via the website without providing data is not possible.
2. Clients and employees of clients
2.1 We process your data for the purposes of performing or entering into a client agreement and to comply with legal obligations. We also process your data to provide you with information on legal developments, news from our law firm and to invite you to events. No change in these purposes is planned.
2.2 The legal bases for processing of data from clients who are natural persons is article 6(1) item b) GDPR (client agreement) and for processing of data from employees or representatives of legal entities article 6(1) item f) GDPR (legitimate interest, specifically communication with relevant client contact persons) and article 6(1) item c) GDPR (legal obligations, specifically tax and commercial law requirements). The legal basis for the assessment, enforcement and the rejection of claims is article 6(1) item f) GDPR (legitimate interest, specifically assertion of rights or defence against claims). Data for information, news and event invitations are processed based on article 6(1) item f) GDPR (legitimate interest, specifically client relationship management).
2.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. This includes specifically courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
2.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Legal title documents are stored for 30 calendar years unless the receivable is paid off prior. Communication content is deleted after ten calendar years.
3. Parties Concerned and Employees of Parties Concerned
3.1 When rendering services for our clients we process data of the parties concerned and their employees (e.g. negotiating or contracting parties, counterparties, courts, public authorities and agencies, witnesses, expert witnesses, etc.) for the purpose to provide the services to our clients and to assert their rights.
3.2 The legal bases for the processing of data from parties concerned and their employees is article 6(1) item f) GDPR (legitimate interest to assert our clients rights ) and or article 6(1) item c) GDPR (legal obligations).
3.3 Recipients of data may include all entities involved in mandate in particular public authorities, agencies, courts, witnesses, expert witnesses and other concerned parties. We also use processors to perform services, in particular providing, maintaining and supporting IT systems.
3.4 Data of parties concerned and employees of parties concerned are deleted 10 calendar years after the end of the mandate.
4. Service Providers, Business Partners and their Employees
4.1 We process your data for the purpose of preparation and performance of the contractual relationship and for the fulfilment of legal requirements. No change in these purposes is planned.
4.2 The legal bases for processing are in case of contracts with natural persons article 6(1) item b) GDPR (client agreement), in case of contracts with legal entities article 6(1) item f) GDPR (legitimate interest, specifically communication with contact persons relevant to the contract), as well as always article 6(1) item c) GDPR (legal obligations, in particular provisions of tax and commercial law requirements). When checking, asserting or rejecting claims, the legal basis is article 6(1) item f) GDPR (legitimate interest, specifically asserting or defending claims).
4.3 Recipients of data may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. Moreover, in specific cases data may be transmitted to collection service providers, legal advisors and courts. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
4.4 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Inquiries and communication data are automatically deleted after 10 years.
5. Recipients of newsletters, persons invited and participants in events
5.1 We process your data for the purpose of sending you our newsletter(s), inviting you to events and the performance of such events. No change in these purposes is planned.
5.2 The legal bases for processing of data of recipients of newsletters and persons invited is article 6(1) item f) GDPR (legitimate interest, specifically client and partner relationship management) if you are a client or a business partner, otherwise your consent according to article 6(1) item a) GDPR. If you register for an event the legal basis for processing are article 6(1) item b) GDPR (event contract) and article 6(1) item c) GDPR (legal obligations, specifically tax and commercial law requirements).
5.3 We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
5.4 All contractual data and data relevant for accounting are stored for 10 calendar years. Data on newsletter recipients and invitees is deleted upon request.
6. Prospective Clients and Communication Partners
6.1 We process the data from prospective clients and communication partners (e.g. persons getting in contact with us via phone, eMail or contsct form) for the purpose of communication with the data subjects. No change in these purposes is planned.
6.2 The legal basis for processing data from prospective clients and communication partners is article 6(1) item f) GDPR (legitimate interest, specifically communication with prospective clients and communication partners), article 6(1) item b) GDPR (in order to take steps at the request of the data subject prior to entering into a contract) or article 6(1) item a) GDPR (data subject has given consent).
6.3 We use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
6.4 Inquiries and communication data are automatically deleted after 10 years.
7. Applicants for Employment
7.1 The purpose of data processing is to select applicants for an employment relationship. No change in this purpose is planned.
7.2 The legal basis for the processing of data is Section 26 of the new German Federal Data Protection Act (BDSG-new) in conjunction with article 6(1) item b) GDPR (initiation of the employment contract) and article 88 GDPR. We process voluntary information that you provide as part of your application on the basis of Section 26 BDSG-new in conjunction with article 6(1) item a) GDPR (consent) and article 88 GDPR.
7.3 Applicant data are passed on internally to the responsible decision-making partners and employees. We also use processors by means of service agreements to perform services, in particular to provide, maintain and support IT systems.
7.4 The data are deleted six months after the end of the application process. If an applicant is also interested in other positions, the data will remain stored for up to 24 months.
The following rights of the data subjects may be limited by the client attorney privilege according to Section 29 BDSG-new in conjunction with article 23 GDPR. As far as no conflict with the client attorney privilege arises data subjects have the following rights:
a) You have the right to request information about all your personal data we hold at any time.
b) If your personal data are inaccurate or incomplete, you have the right to correction and amendment.
c) You may request the deletion of your personal data at any time unless we are legally obligated or entitled to process your data further.
d) In case of legal requirements, you may request a limitation on the processing of your personal data
e) You have the right to object to processing if the data processing is performed for the purposes of direct advertising or profiling. If processing is performed as a result of the balancing of interests, you may object to the processing stating reasons arising from your particular situation.
f) Where data processing is performed on the basis of your consent or as part of a contract, you have the right to transfer the data provided by you, unless the rights and freedoms of other persons are impaired.
g) Where we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. Any processing performed prior to revocation will remain unaffected by the revocation.
h) In addition, you have the right to file a complaint to a data protection supervisory authority at any time if you are of the opinion that data processing has occurred in breach of an applicable law.
Last updated: May 2018