Data Protection

This privacy policy provides you with information regarding the handling of your personal data on this website and in connection with the services of ERLBURG Rechtsanwaltsgesellschaft mbH and contains information about the rights under the European General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG; German Federal Data Protection Act):

1. General Information

1.1 Contact

ERLBURG Rechtsanwaltsgesellschaft mbH is responsible for data processing. If you have any suggestions or questions about this privacy policy or the processing of your personal data, or if you wish to assert rights in this regard, please send your request to:

ERLBURG Rechtsanwaltsgesellschaft mbH
Greifswalder Str. 226
10405 Berlin
E-mail: office@erlburg.law

1.2 Legal basis

The term “personal data” under data protection law refers to all information relating to a specific or identifiable person. This includes, for example, their name, address or email. We process personal data in compliance with the relevant data protection regulations and only to the extent permitted by law. This means that we generally only process personal data if you have given your consent (Art. 6(1)(aa) GDPR), this is done for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art 6(1)(b) GDPR), for compliance with a legal obligation (Art. 6(1)(c) GDPR) or if processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6(1)(f) GDPR).

1.3 Duration of storage

Unless otherwise stated in the following information, we only store your personal data for as long as is necessary to achieve the processing purpose or to fulfill our contractual or legal obligations. Such statutory retention periods may result in particular from commercial, tax law or special legal standards.

1.4 Recipient of the data

We use contracted service providers for certain data processing. This includes maintenance, hosting and support of IT systems, marketing activities, brand management, translations or the destruction of files and data media. Such service providers commissioned by us process the personal data in question only in accordance with our express instructions and are obliged to ensure confidentiality and the legally required level of data protection with suitable technical and organizational measures. In addition, we may transfer personal data of our clients to postal and delivery services, courts, opposing parties, our house bank, tax advisors / auditors, fiscal or other authorities.

1.5 Processing when exercising your rights in accordance with Art. 15 – 22 GDPR

If you exercise rights under Art. 15 – 22 GDPR, the personal data transmitted to us in this context will be processed by us for the purpose of implementing these rights. This allows us to provide evidence in this regard, as we are legally obliged to do (Art. 6(1)(c) GDPR).

1.6 Your rights

If you as a person are affected by data processing by us, you can exercise your rights against us. You have the following rights in particular:

  • According to the provisions of Art. 15 GDPR and para. 34 BDSG, you have the right to request information as to whether and if so to what extent we are processing personal data about you or not.
  • According to the provisions of Art. 16 GDPR, you have the right to ask us to correct your data.
  • According to the provisions of Art. 17 GDPR and para. 35 BDSG, you have the right to ask us to erase your personal data.
  • According to the provisions of Art. 18 GDPR, you have the right to restrict the processing of your personal data.
  • According to the provisions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided in a structured, commonly used and machine-readable format and to transmit this data to another controller.
  • If you have given us separate consent to data processing, you can withdraw this consent at any time according to the provisions of Art. 7 GDPR. We wish to point out that this does not affect data processing based on consent prior to withdrawal.
  • If, in your view, the processing of the personal data concerning you infringes the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

1.7 Right to object

According to the provisions of Art. 21(1) GDPR, you have the right to object to processing on the legal basis of Art. 6(1)(e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for direct marketing purposes, you can object to this processing in accordance with Art. 21(2), (3) GDPR.

2. Data processing on our website

When you use our website, information is collected that you provide yourself. In addition, certain information about your website usage is automatically recorded during your visit to our website. Under data protection law, the IP address is also regularly regarded as personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send or receive data.

2.1 Processing of server log files

When using our website, general information that your browser transmits to our server is stored automatically, i.e. when it is used without registering. By default, this includes the browser type/version, the operating system used, the website accessed, the website previously visited (referrer URL), the host name of the accessing computer, the IP address, date and time of the server request. This processing is necessary so that you can access our website content and serves our legitimate interest in providing a website, Art. 6(1)(f) GDPR. The log files are not saved.

2.2 Queries

You can send us a message using the contact email on the website. We process the data provided by you for the purpose of answering your query. If your query relates to the conclusion of a mandate agreement or a contract of another nature with us, Art. 6(1)(b) GDPR is the legal basis for the data processing. Otherwise, we process the data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing in this case is Art. 6(1)(f) GDPR.

2.3 Cookies

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit the website. This identifies the browser used and can be recognized by our web server. If processing of personal data occurs through this use of cookies, this is done on the legal basis of Art. 6(1)(f) GDPR. Data processing serves our legitimate interest, as it can make the website safer, more user-friendly and more effective. We only use so-called session cookies. These are deleted when the browser session is ended. You can also delete the cookies at any time in the security settings of your browser. You can also object to the use of cookies through your browser settings as a general rule or in specific cases. Further information can be obtained from the Federal Office for Information Security (https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html).

2.4 Typekit

Adobe Typekit is used on our website to display fonts. Adobe Typekit is a font library access service that is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. When a page of our website is opened, the browser loads the required web fonts into your browser cache in order to display texts and font types correctly. No cookies are placed or used when the Typekit service is used to provide the fonts. Adobe may collect information about the fonts used to identify the website itself and the linked Typekit account in order to provide the Typekit service. Further information are provided in the information section of Adobe Typekit and in the Adobe Data Protection Guidelines.

3. Data processing on our LinkedIn page

We operate a LinkedIn page on which we present our company, provide information about our services and communicate with our clients or interested parties. If you contact us via LinkedIn or interact with our site, we process personal data about you. If the query relates to the conclusion or implementation of a mandate agreement or a contract of another nature with us, this is done on the basis of Art. 6(1)(b) GDPR. Otherwise, we process the data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing in this case is Art. 6(1)(f) GDPR.

In addition, the LinkedIn operating company processes the relevant personal data on its own behalf. For users based in the European Economic Area and Switzerland, LinkedIn is operated by the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”). LinkedIn Ireland’s privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. It also contains information about the setting options for your LinkedIn profile. Finally, we receive non-personal information and analyses from LinkedIn Ireland about the use of our account and/or interactions with our posts. With this information, we can analyze and optimize the effectiveness of our LinkedIn activities. This processing is based on Art. 6(1)(f) GDPR and serves our legitimate interest in optimizing our LinkedIn page.

4. Further data processing

4.1 Contracts with service providers

In order to enter into or carry out a contractual relationship with you as a service provider, the processing of personal master, contract and payment data is regularly necessary. Art. 6(1)(b) GDPR is the legal basis for this processing.

4.2 Client relationship

Your personal data will be processed in the context of a client relationship or the initiation of a client relationship, insofar as this is necessary for the establishment and implementation of the client relationship. This includes, in particular, your first and last name, your contact details and other data required for the execution of the mandate, depending on the type and scope of the mandate issued. Art. 6(1)(b) GDPR is the legal basis for this processing.

If your personal data relating to an existing or future mandate is transmitted to us by third parties, the data processing serves to implement the mandate. If your personal data is transmitted to us because our client is considering making claims against you, or our client expects such claims to be made by you, the data processing also serves to assert, exercise or defend legal claims. The processing therefore serves to protect our client’s legitimate interests in accordance with Art. 6(1)(f) GDPR.

4.3 Applications

If you apply to ERLBURG Rechtsanwaltsgesellschaft mbH, we process your application data exclusively for purposes related to your interest in working for us and in the processing of the application. The application is only viewed and processed by the relevant contact persons in our office. All employees entrusted with data processing are obliged to maintain confidentiality in respect of the data. If we do not offer you any employment, the data you provide will be kept by us for up to 3 months after any rejection in order to answer possible questions about the application/a possible challenge. This does not apply if statutory provisions prevent deletion, further storage is necessary for evidence purposes, or you have expressly consented to longer storage. The legal basis for data processing is para. 26(1), sentence 1 BDSG.

Date: March 2020