Data Protection Statement
1. Preliminary remarks
In this Data Protection Statement, we wish to inform you about the way your personal data are handled by the law firm of Weiland Rechtsanwälte. The Data Protection Statement serves to inform you about the collection and use of your data while visiting our website and using the services offered there, as well as about the handling of your personal data as part of the mandate conferred on us, in particular about your rights in terms of data protection law.
When processing your personal data, we naturally comply with the applicable data protection provisions, in particular the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
We are very much aware that the protection of your privacy is an important concern in connection with the mandate conferred on us or when you visit our website. We are very committed to your concerns. For this reason, we wish to inform you about which data concerning you we save, when we save them, and how we use them. With this Data Protection Statement, we not only want to comply with our legal obligations, but also inform you about our data protection measures. You can also contact our Data Protection Officer named below at any time.
The General Data Protection Regulation protects personal data. Pursuant to Article 4(1) GDPR, this means any information relating to an identified or identifiable natural person, such as name, address or date of birth, and telephone number or IP address.
2. Controller / Contact with Data Protection Officer
Weiland Rechtsanwälte, Am Kaiserkai 62, 20457 Hamburg, Email:
Data Protection Officer: Rechtsanwalt Dr Dietmar Buchholz (lawyer): Email:
When you contact us by visiting our website, or by telephone, email or contact form, the information you provide will be saved by us pursuant to point (a) of Article 6(1) GDPR to allow us to process your request and any follow-up correspondence with you.
The contact with us will be recorded to be able to show that the contact was established in accordance with the legal requirements of the GDPR. Pursuant to point (f) of Article 6(1) GDPR, every time you visit our website general data and information are automatically collected and saved temporarily in a ‘log file’. The following information is collected automatically, i.e. without your intervention, and saved until it is automatically erased:
- data relating to access to the website (date, time and frequency),
- IP address, which your internet access provider has assigned to your computer,
- name and URL of the retrieved file,
- website from which our website is accessed,
- volume of transmitted data,
- the browser and browser version you use,
- the operating system you use,
- the internet server provider you use.
The collection and storage of these data is necessary to ensure a smooth connection to and convenient use of the website. In addition, these data are used to ensure the security of our IT systems to detect and resolve any technical problems that may occur, and to prevent or prosecute the abuse of or other unlawful activity on our website. Data are also collected and stored if we are legally obliged to do so, e.g. based on administrative or judicial directives, as well as to safeguard our rights and claims, and for legal defence.
We only use your personal usage data as part of our mandate and will potentially only merge them with other information if you have previously conferred a mandate on us. The legal foundation for the processing of the data is points (b) to (f) of Article 6(1) GDPR. The legitimate interest is derived from the purposes stated above.
4. Purpose and legal basis of data processing
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), professional codes of practice in relation to data privacy, as well as all other relevant laws. Data are processed pursuant to point (b) of Article 6(1) GDPR for the purposes stated there, in this case for the proper processing of your mandate and for the mutual performance of obligations under the mandate agreement, as well as for the execution of precontractual measures.
We will only collect and use personal data obtained from you if they are necessary for the assertion and defence of your rights as part of the mandate conferred on us. The data are collected only for the purpose of providing appropriate legal advice to you and representing you in legal issues. We also process your data to pursue our legitimate interests or those of third parties, in particular to establish any claims against you (point (f) of Article 6(1) GDPR). Moreover, we process your personal data to comply with statutory obligations pursuant to point (c) of Article 6(1) GDPR (e.g. commercial or fiscal duties of retention or our advisory obligation). The mandate agreement cannot be concluded and/or performed without processing your personal data.
5. Disclosure of your personal data to third parties:
When we disclose your personal data to third parties, we always seek to ensure the highest possible security level. Your personal data are transmitted to third parties only in the cases listed below, for example if
- you have given explicit consent pursuant to point (a) of Article 6(1) GDPR,
- their disclosure is necessary pursuant to point (b) of Article 6(1) GDPR for the performance of the mandate. This includes the transfer of data to opponents in legal proceedings and their representatives, especially lawyers or tax consultants, and to courts and other public authorities for the purpose of corresponding with them and asserting or defending your rights. The third party may use the data only for the aforementioned purposes. In all other respects, the lawyer-client privilege remains unaffected to the extent that it concerns data subject to the lawyer-client privilege,
- their disclosure is necessary pursuant to point (c) of Article 6(1) GDPR to comply with a legal obligation,
- their disclosure is necessary pursuant to point (f) of Article 6(1) GDPR for the establishment, exercise or defence of legal claims and there is no cause to assume that you have an overriding legitimate interest in the non-disclosure of your data.
In the operation and optimisation of our website, we employ service providers, e.g. in connection with the central IT infrastructure or for the hosting of our website. We have entered into agreements with the service providers concerned for the processing of data on our behalf pursuant to Article 28 GDPR. These processors may use the data made available by us only in accordance with our instructions. Both contracting parties are responsible for appropriate data protection precautions in this case. We have agreed to specific data protection precautions with our service providers. The employees and supervisors of the service providers are obliged to ensure the confidentiality of the data and to comply with this duty.
6. Cookies/Analysis tool
7. Your rights
Pursuant to the GDPR, you have rights in relation to the processing of your personal data, about which we herewith wish to inform you. If you wish to exercise any of the rights outlined below, you can inform us accordingly with a simple notification. Except for postage, you will not incur any expenses for the enquiry. The enquiry can be sent by email to the above email address.
Subject to any statutory restrictions, you have the following rights with regard to your personal data:
- Pursuant to Article 15(1) GDPR, the right to obtain access to the data about you that we have saved.
- Pursuant to Article 16(1) GDPR, the right to rectification and/or completion of your data without undue delay.
- Pursuant to Article 17 GDPR, you have the right to the erasure of your data. In this connection, we wish to point out that data protection legislation provides for an obligation to erase, but not for erasure deadlines. These are defined by the applicable domestic laws. We are obliged, for example, based on statutory provisions to store certain data for a longer period (e.g. retention periods for accounting records are currently ten years (German Tax Code [AO]).
- Pursuant to Article 18 GDPR, you have the right to obtain a restriction of the processing of your data.
- Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used and machine-readable format.
- Pursuant to Article 21 GDPR, you have the right to object to the processing of personal data, if those data are processed based on legitimate interests pursuant to point (f) of Article 6(1) GDPR and your objection is based on grounds relating to your personal situation.
Pursuant to Article 77 GDPR, you have the right, moreover, to lodge a complaint with the competent supervisory authority for data protection of your federal state. Competent authority for Hamburg
Hamburgischer Datenschutzbeauftragte für Datenschutz und Informationssicherheit (Data Protection Commissioner for Hamburg),
Kurt-Schumacher-Allee 4, 20097 Hamburg.
8. Duration of storage:
Your personal data will be erased upon expiry of the statutory retention period for lawyers (six years after expiry of the calendar year in which the mandate ended), unless we are obliged, pursuant to point (c) of Article 6(1) GDPR, in terms of fiscal or commercial law-related retention and documentation duties under the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO) to store the data for a longer period, or unless you have agreed to a longer storage duration pursuant to the first sentence, point (a) of Article 6(1) GDPR, or if the storage is required to pursue the legitimate interests of the controller or a third party pursuant to point (f) of Article 6(1) GDPR.
As part of our IT security, we use technical and organisational security measures to protect the data provided by you against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously review and adapt our security precautions in line with data protection laws and technical advances. We protect our systems and data processing through technical and organisational measures, such as data encryption, pseudonymisation, anonymisation, access and entry controls, firewalls and restoration systems, as well as integrity testing. Our employees are regularly trained to handle your personal data in a confidential manner and are required to comply with data protection regulations in accordance with the data protection laws and professional codes of conduct.
10. Job applications
As part of the recruitment process, we collect, process and use your personal data exclusively to process your application and to conduct the recruitment process; the data only serve to assess your professional suitability and to contact you. In doing so, we only collect data that are required for the posted employment vacancy. The data you provide to us are transmitted initially to our HR department and processed and verified there. Thereafter, the HR department forwards your data as part of the recruitment process to the department(s) within our law firm that are involved in the selection process concerned. There your data are used as intended. If your application is successful and we conclude a contract with you, we include your data in your HR file. In doing so, the confidential handling of your data is of course guaranteed.
If your application is unsuccessful, your data are automatically erased six months after completion of the recruitment process. If you expressly consent to it, we will store your full application documentation for a period of 12 months to be able to inform you if a suitable position becomes vacant in our law firm. The above does not affect in any way to demand the erasure of your data at any time.
Hamburg, 25 May 2018