The purpose of this notice is to inform you about the processing of your personal data by Wendelstein (»Wendelstein« or the »law firm«). This information notice is intended for any natural person (in particular, representatives, contact persons or employees of our clients or other cooperation partners) with whom we have (or will imminently have) an attorney-client relationship, or a contract, service or business relationship or any other relationship of communication.
We take the confidentiality and the protection of your personal data very seriously. Therefore, we process your personal data only to the extent permissible under statutory provisions, in particular, under the EU General Data Protection Regulation (»GDPR«) and the German Federal Data Protection Act (Bundesdatenschutzgesetz).
If you have any questions about this information notice or our policies regarding the processing of your personal data, you can always address any of the contact details below.
1. Responsibilities and contact details
The data controller, i.e., the person responsible for processing your personal data is:
Bockenheimer Landstr. 33
60325 Frankfurt am Main
If you instructed our notary Dr. Lars F. Freytag, he is the data controller in the meaning of the GDPR.
Two Towers Consulting GmbH & Co. KG
2. Processing of your personal data
Subject matter of our data processing are your contact details as well as, if applicable, other personal data required for the provision of our services or our communication with you.
Data processing usually follows your request and, pursuant to Art. 6 (1) sentence 1 lit. b GDPR, is necessary for a proper handling of the mandate and the mutual fulfillment of obligations. Moreover, we process your personal data to the extent that this is necessary for the purposes of the legitimate interests pursued by Wendelstein (Art. 6 (1) lit. f GDPR). The processing of your personal data based on the above-mentioned provisions, is particularly necessary
- in order to enter into or execute engagement letters, instructions of our notaries, contracts and other business relationships (including the processing of purchase orders, deliveries or payments) or in order to prepare or reply to quotation requests and to determine the conditions of the contractual relationship, namely with our clients, service providers or cooperation partners for whom you act as representative or employee, as the case may be;
- for internal administrative purposes of the law firm (e.g., for accounting purposes);
- for any other communication purposes;
- in order to ensure IT security and IT operations at the law firm;
- in order to engage service providers (e.g., external IT service providers) who support our business processes;
- in order to conduct compliance or similar investigations in individual cases.
Moreover, personal data is also processed in order to perform contracts entered into or to fulfil orders placed by natural persons with whom we have business relationships (Art. 6 (1) sentence 1 lit. b GDPR).
If you choose not to provide us with your personal data, we are unable to perform the contractual relationship and/or cannot fulfil the above stated communication purposes.
Pursuant to the provisions of the German Anti-Money Laundering Act (Geldwäschegesetz, »GWG«), we are obligated to identify our clients and, hence, need you to provide us with the necessary information (Sec. 11 (6) sentence 1 GWG). Pursuant to Sec. 50 of the German Federal Lawyers' Act (Bundesrechtsanwaltsordnung) and Sec. 6 et seqq. of the Regulations for Notaries (Dienstordnung für Notarinnen und Notare - DONot), we are obligated under professional law (Berufsrecht) to keep and manage attorneys' reference files and notarial books, registers and files, respectively; to this purpose, we may use electronic data processing. In these cases, data processing is required by law and is based on Sec. 6 (1) sentence 1 lit. c GDPR.
If you have not provided us with your personal data yourself, we received such data from our clients or cooperation partners or obtained them from publicly available sources, in particular from company websites or industry directories.
3. Confidentiality and erasure of your personal data
Each of our employees as well as all staff members of third-party service providers who have access to personal data are obligated to treat such data confidentially.
We will continue processing your personal data also after termination of our attorney-client, contract or service relationship or our contact to the extent that this is necessary for the aforementioned purposes, to comply with post-contractual obligations or to fulfil statutory requirements for the retention of records or for the purposes of the legitimate interests pursued by us. The same applies if you have consented to additional data storage pursuant to Sec. 6 (1) sentence 1 lit. a GDPR. Thereafter, your personal data will be erased.
4. Disclosure of your personal data
We will transmit your personal data only on the basis of (and in accordance with) the statutory provisions in the context of the correct execution of a mandate or of instructions to our notary or if and to the extent that you have consented to such transmission in the individual case.
To the extent required for the purposes outlined under 2. above, your personal data may be disclosed to service providers within and outside the European Union (EU) who perform specific services for us such as IT services (processors). We will commit the service providers to secrecy; the service providers will process personal data only in accordance with our instruction.
In the course of our law firm's usual work processes and for the purposes specified under 2. above, it is possible that we disclose your data to third parties within and outside the European Union, for example to our cooperation partners or to law firms with whom we work together on a client matter, to translators, opponents or to other third parties.
In addition, we can – to the extent legally permissible – disclose your data to domestic and foreign public authorities and courts (such as social security institutions, tax authorities or law enforcement agencies) in order to comply with statutory duties or in order to act in the interests of our law firm.
5. Your Rights
Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, you have the right to receive information about your personal data, to require rectification or erasure of your personal data or the restriction of the processing, or to object to any kind of processing of your personal data outlined under II. You are further entitled to receive your personal data in a structured, commonly used and machine-readable format (data portability). Further, you are entitled to lodge a complaint with the competent supervisory authority, the Hessian Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), regarding the processing of your personal data.