In A Nutshell:
In general, our website may be used anonymously. Providing personal data is purely voluntary and you will always be informed if and for what purpose we want to store your data. Personal data are data that enable us to identify you personally and/or to contact you, such as your name, address or e-mail address.
Who We Are And How You Can Reach Us
The controller of the processing of personal data on this website is von BOETTICHER Rechtsanwälte Partnerschaftsgesellschaft mbB, Widenmayerstr. 6, 80538 München, further information see imprint. You may contact our data protection officer at the following address: Datenschutzbeauftragte der von BOETTICHER Rechtsanwälte Partnerschaftsgesellschaft mbB, Widenmayerstr. 6, 80538 München, E-Mail: firstname.lastname@example.org.
What Data We Do (Not) Process, For What Purpose, For How Long And On What Legal Basis
Anonymous Use Of Our Website
You may use our website anonymously. When you visit our website, your web browser tells our web server your IP address so that communication is possible. Your IP address may be used to identify you. However, we do not store your IP address. You remain completely anonymous to us when visiting our website.
Logging And Evaluation In Case Of Attacks
Error messages – usually caused by attack attempts – are recorded and evaluated for reasons of security. Only the following data that may allow identification are used with respect to the recording of error messages: Your IP address, date and time, exact name (URL) of the requested data file(s), HTTP status code, volume of data transferred, referrer (website from which the file was requested), browser identification string that is sent from your browser (User Agent String). Such data shall be deleted after seven days if they are no longer useful (possibly for evidence).
The legal basis for data processing is Art. 6 para. 1 subpara. 1 letter f GDPR. The legitimate interests in processing on the basis of Art. 6 para. 1 para. 1 letter f GDPR are ensuring of the functionality and security of our website as well as defence against attacks and other abuses.
Data Processing Upon Contact
If you call us or send us a message, for example via the contact form or by e-mail, we need your e-mail address, your postal address or a telephone number if you want us to reply to you. You may also use a pseudonym instead of your name. We will use this data as well as data and time of your contact exclusively to handle your request. Your data will not be passed on to third parties but only internally to the department responsible for your particular request. We will delete your data as soon as it is no longer needed for this purpose, i.e. usually three months after the last contact with you. If you have any further questions, please contact us again within three months. The legal basis for the data processing is Art. 6 para. 1 subpara. 1 letters b and f GDPR. The legitimate interest in processing on the basis of Art. 6 para. 1 subpara. 1 letter f GDPR is to fulfil your request.
Exceptions: We are required to retain business and commercial letters and other tax-relevant documents in order to fulfil our commercial and tax law archiving obligations; we will delete them by 31 March of the seventh calendar year following their creation, and in the case of booking receipts of the eleventh calendar year following their creation. Our accounting department has access to these data. The legal basis for tax law retention is Art. 6 Para. 1 Para. 1 Letter c GDPR in connection with sections 147 AO, 257 HGB.
If your request is for a special purpose (e.g. if you instruct us as your lawyer or subscribe for a newsletter), only the explanations on data processing for the special purpose apply to data processing in this context, about which we will inform you separately if necessary.
Data Processing Upon Job Applications
We are aware that job applications contain sensitive personal data. We therefore ask you not to send applications to our general postal or e-mail address, but always to the contact person named in each case. Please also note that data transmission on the Internet is generally insecure if it is not encrypted. Our servers support transport encryption (STARTTLS) so that the emails transmitted between your email provider and us are protected if your email provider uses transport encryption. You can also encrypt your email with PGP – you can find your contact’s public key in their lawyer profile on our website.
Despite all security measures, we ask you to refrain from providing information in your application that is not required for the specific position. For example, we will only judge you on your suitability for the position in question, so that you do not have to send us a photo or provide any information about your family situation, etc.
When you apply for a job with us, we will process the information we receive from you during the application process, e.g. by letter of application, CV, references, correspondence, telephone or verbal information. In addition to your contact details, your education, work experience and skills are of particular relevance to us. We will only judge you by your suitability for the respective job so that you do not have to send us a photo or give us information about your family situation, etc. We do not conduct research about you on the Internet (so-called background checks).
Your data will initially be processed exclusively for the purpose of the application procedure. If your application is successful, it will be used in your personnel file and for the execution and termination of the employment relationship and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after the notification of rejection in order to defend ourselves against possible legal claims, in particular due to alleged discrimination in the application process. If you receive cost reimbursements or other tax-relevant transactions (e.g. invitation to a meal), the corresponding accounting documents will be kept until March 31 of the eleventh calendar year after payment at the latest, in the case of commercial and business letters and other tax-relevant documents of the seventh calendar year after their creation in order to fulfil the commercial and tax retention obligations. Your data can initially be accessed by our partner in charge for human resources, but if required also by the other partners and the accounting department.
The legal basis for data processing in the application procedure and as part of the personnel file are Section 26 para. 1 sentence 1 BDSG and Art. 6 para. 1 subpara. 1 letter b GDPR and, if you have given your consent, for example by sending information not necessary for the application procedure, Art. 6 para. 1 subpara. 1 letter a GDPR. The legal basis for data processing after a refusal is Art. 6 para. 1 subpara. 1 letter f GDPR. The legal basis for the retention under commercial and tax law is Art. 6 para. 1 subpara. 1 lit. c GDPR in connection with Sections 147 AO, 257 HGB. The legitimate interest in processing on the basis of Art. 6 para. 1 para. 1 subpara. 1 letter f GDPR is the defence against legal claims.
In general, we do not need to have any special categories of personal data within the meaning of Art. 9 DSGVO for the application process. We ask you not to send us any such information from the outset. If such information exceptionally is relevant to the application process, we will process it together with your other applicant data. This may include, for example, information about a severe disability which you may voluntarily provide us with and which we must then process in order to fulfil our special obligations with regard to severely disabled persons. In these cases, processing serves the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection. The legal basis for data processing is then Art. 9 para. 2 lit. b GDPR, Sections 26 para. 3 BDSG, 164 SGB IX.
Voluntary Provision Of Your Data
You are not obliged to provide us with personal data. If you do not provide us with certain information that we need to handle your request (for example a way to contact you if you want an answer from us), we may not be able to do so. In the context of special procedures (e.g. when register for our newsletter) it may be necessary for you to provide us with certain information because otherwise we will not be able to process your order or send you the newsletter. However, we will always point this out to you in the specific situation.
Recipients Of The Data
Your personal data will remain in our area of responsibility. Our administrators have the possibility to access data processed by IT. We list further recipients of your data in the notes on the respective data processing. In certain cases, we may need to disclose your personal data to third parties so that you can obtain the desired service, in particular to vicarious agents such as banks and other payment service providers as well as postal and parcel service providers or forwarding companies.
In certain areas, such as web hosting and e-mail hosting, we use specialized service providers. These are strictly bound to our instructions by an agreement on commissioned data processing and may not process the data for their own purposes. Processing takes place only in Germany.
Automated Decision Making, Profiling
Automated decision making does not take place.
You have a right of access, to rectification or erasure, restriction of processing, to object to processing and to data portability under the respective statutory preconditions with regard to the personal data concerning you.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data, for example to the supervisory authority responsible for us: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, D-91522 Ansbach, Telefon +49(0)981 53 1300, Fax +49(0)981 53 98 1300, E-Mail email@example.com. If you have any questions or requests regarding data protection, please feel free to contact our data protection officer at any time: firstname.lastname@example.org.
Your Right To Object To Processing
To the extent that processing of your personal data is based on Art. 6 para. 1 subpara. 1 lit. e or f GDPR, you have the right to object to processing in accordance with Art. 21 GDPR. If your objection is made for reasons arising from your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms of or for the establishment, exercise or defence of legal claims. If your objection is directed against direct marketing, including profiling, insofar as it is connected with such direct marketing, we will no longer process your personal data for these purposes.