Client data protection information
in accordance with Art. 13, 14 GDPR
Compliance with the provisions of data protection law is extremely important to our law firm. We, therefore, want to ensure you are clear about processing of your personal data by providing this information:
1. Data controller for data collection
The data controller for collection and processing of data is reichert & reichert, Tax Consultancy and Law Firm, Proprietor Dr. Hansjörg Reichert, Zeppelinstraße 7, 78224 Singen, Germany. You can contact us by telephone on +49 (0)7731 9587-0 or by email at firstname.lastname@example.org.
2. Contact details of the data protection officer
The contact details for our data protection officer are: address as above, FAO The Data Protection Officer. You can contact our data protection officer by telephone on +49 (0)7731 9587-0 or by email at email@example.com.
3. Processing of personal data
We collect and process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the revised version of the German Federal Data Protection Act (BDSG) and all other legislation relevant to processing of personal data.
Category of data subject: Clients
Categories of data: Relevant personal data may include master data, address and date of birth, private and business communication details, identification data, contract data, social data, client management data, image data and bank details.
Furthermore, we collect information which, depending on the specific content and scope of our instruction, is required to assert and defend your rights and / or to provide consulting services to you in the context of the instruction.
Purpose of processing: The purpose of processing is determined primarily by the specific instruction and may also include associated consulting, support and documentation. Among other things, we process the data of our clients to initiate and implement our instruction, in the interests of comprehensive client management, for communication with you, billing, unique identification, planning and organisation of our business processes, to clarify and process claims, for purposes of direct marketing, to comply with statutory regulations, for IT security, to process any liability claims, to exercise or defend legal claims and to prevent and investigate criminal acts and prevent fraud.
Legal basis: Art. 6(1) sentence 1 point (a) GDPR if consent is given, Art. 6(1) sentence 1 point (b) GDPR for dealing with the instruction or client query and fulfilment of obligations on both sides arising from the mandate agreement, Art. 6(1) sentence 1 point (c) GDPR for cases in which processing is to fulfil a legal obligation to which we are subject, Art. 6(1) sentence 1 point (f) GDPR to pursue our legitimate interests or the legitimate interests of third parties.
Legitimate interest: We process personal data in the legitimate interest of planning and organising our business processes, our network and information security, client management, central data management, prevention of fraud and assertion of rights.
Furthermore, we process data in our legitimate interest of informing you about legal, tax and business topics and news from our practice which in our view are relevant to you, and to provide further / ongoing consulting services for you (direct marketing).
Categories of recipients: Within our practice, departments are given access to your data only if they require them to fulfil our contractual or legal obligations or are permitted to process them based on our legitimate interest or your consent.
We pass your personal data on to third parties insofar as this is essential to handle the client relationship and there is a legal basis to do so. Transfer includes, in particular, passing data on to public authorities, tax offices, opponents in legal proceedings and their representatives (in particular their lawyers), courts for the purposes of correspondence and to assert and defend your rights. In consultation with you, it may also be necessary to pass your data on for the processing of your query / the instruction you give us to our domestic and international cooperation partners. We will inform of this separately in advance as the need arises. This is without prejudice to client-attorney and client-tax consultant privilege.
Your data may also be passed on by us to external service providers, such as IT service providers and other companies (e.g. for support with destruction or archiving of data) which help us with data processing within the framework of commissioned data processing and under strict instructions from us.
Of course, we do not sell your personal data to third parties or market them in any other way.
Data sources: We process personal data which we receive from you in the context of initiation or implementation of our client relationship. Insofar as is necessary to fulfil our contractual or legal obligations and to pursue our legitimate interests, we also process personal data that we have obtained legitimately from other companies or public bodies or that we have acquired legitimately from publicly accessible sources (e.g. commercial registers, land registers, the press, media, the internet) and that we are permitted to process.
Transfer to third countries: In individual cases, we may be under legal obligations in countries outside the EU/EEA (so-called third countries); these do not arise generally, but only in the specific context of an individual instruction (e.g. to fulfil reporting obligations under tax law or to work with our international cooperation partners).
It may be that our service providers use other service providers (subcontractors), such as computer centres, which are based in a third country. In these cases, transfer of your personal data is permissible only if the European Commission has established an appropriate level of protection in the third country in question or insofar as suitable guarantees are provided, such as the adoption of standard data protection clauses of the Commission or the supervisory authority, and the data subject has enforceable rights and effective legal remedies at their disposal. Our service providers are contractually obliged to comply with these requirements.
Period of storage: The personal data collected by us in connection with our instruction are stored until expiry of the statutory retention period (6 years from the end of the calendar year in which the instruction ended) and then erased, unless we are obliged by retention and documentation obligations under tax and commercial law pursuant to Art. 6(1) sentence 1 point (c) to store the data for longer, the client relationship with you extends beyond this period or you have consented to a longer storage period pursuant to Art. 6(1) sentence 1 point (a) GDPR.
4. Your rights as a data subject
You have the right under Art. 15(1) GDPR to information from us about the personal data stored concerning you and under Art. 16 GDPR to rectification of incorrect data and to erasure, if one of the reasons specified in Art. 17 GDPR applies. You also have the right to restriction of processing, if one of the conditions specified in Art. 18 GDPR applies, and the right to data portability in cases covered by Art. 20 GDPR. Under Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or otherwise significantly disadvantages you. If you consider that the processing of personal data relating to you infringes the provisions of data protection law, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority. The right to lodge a complaint may be pursued, in particular, with a supervisory authority in the Member State in which you reside or which is the place of the alleged infringement. In Baden-Württemberg, the Supervisory Authority of the Regional Officer for Data Protection and Freedom of Information, Königsstraße 10a, 70173 Stuttgart, is responsible.
5. Withdrawal and objection
You have the right to withdraw consent that you have given at any time, without affecting the lawfulness of the processing carried out up to that point. If you withdraw your consent, we cease the corresponding data processing and erase your data that are processed for this purpose, unless you have expressly consented to further use of your data or there is a legal basis for further processing.
If data are collected on the basis of Art. 6(1) sentence 1 point (f) GDPR (data processing to pursue legitimate interests), you have the right to object to the processing at any time for reasons relating to your particular situation. We will no longer process the data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.
If personal data are processed for direct marketing, under Art. 21(2) GDPR you have the right to object at any time to processing of personal data concerning you for the purposes of marketing of this sort. If you object to processing of your personal data or purposes of direct marketing, the data will no longer be processed for those purposes.