IN PRIVATE PRACTICE
The privacy notice of BEST Rechtsanwälte PartmbB (in the following referred to as BEST) sets out the manner in which BEST, acting as data controller, processes which of your personal data and for what purposes. Under all circumstances, the collection and processing of personal data will take place exclusively within the scope permitted by the applicable law, including the General Data Protection Regulation, "GDPR". For the purposes of communicating, providing information and services and other purposes linked to the relationship of BEST with its partners, suppliers, clients and visitors, some personal data are required. This includes the name, contact data and function of the data subject.
1. Personal Data which may be processed by BEST: The following data categories may be collected and processed:
a. Identification data, e.g. name, gender.
b. Address and contact data, such as postal address, e-mail address, phone number, organizational data such as company, department, function.
c. IT authorizations and their use e.g. IP-addresses and user IDs and passwords for BEST WIFI for visitors and online services such as Owncloud.
d. Time and attendance, e.g. being on the company premises for providing services.
e. Activities, tasks and operations in projects involving BEST or carried out on the premises of BEST.
2. Purpose for which Personal Information of individuals may be used:
a. Communication, e.g. for clarifying questions, exchanging information or appointments.
b. Documenting activities, e.g. meetings, events and agreements.
c. Providing services, answering enquiries, settling disputes, pursuing or defending legal claims related to business partners, e.g. suppliers and service providers, clients, contractors.
Additionally, personal data it may be used in addition for:
d. Settlement of transactions, e.g. payment, invoicing and contract management.
e. Logistics, e.g. transportation.
f. Authorization and identity management for electronic services, including technical support and troubleshooting, e.g. Owncloud services.
g. Administrative communication, e.g. regarding new developments in the legal field or at BEST.
h. Checks and surveys.
Related to interested persons and visitors the personal data may be used for:
i. Identification and Authorization
j. Providing information and requested services, such as newsletters
k. Monitoring, safety checks
The processing of your personal data is necessary for the above purposes. This form of processing is within the legally permitted scope permitted by Article 6 (1) b) GDPR (performance of contracts), Article 6 (1) f) GDPR (legitimate interests) or Article 6 a) GDPR where you have given your consent unless otherwise stated.
3. Monitoring and investigation:
A variety of tools and methods are used for protecting data privacy and our IT provides security against different types of threats (malware, hacker attacks, spam, espionage and theft of intellectual property). Among the measures taken are the examination for virus and malware infection in data exchanged and received as well as the examination of data transmission for abnormalities. Suspect files may be separately examined for virus and malware infection. In all the above events, all applicable rights and regulations are adhered to.
4. Processing Principles:
Reasonable technical and organizational measures for data security are implemented through internal regulations and - if the data is processed by an external service provider - by means of data processing agreements. Data processing does not take place outside the European Union.
5. Data Transfer / Disclosure:
In compliance with legal requirements, the data required for the respective purpose can be passed to external bodies in the following cases:
a. Reporting obligations to regulatory authorities and enforcement of rights if legally required to do so. In order to protect our rights or the rights of third parties, we may also disclose data to rights holders and authorities in accordance with legal provisions.
b. Service providers: BEST may engage service providers to process your personal data for some of the purposes described in this data protection information. Should this be the case, these service providers process the data exclusively on behalf of BEST, in accordance with instructions issued by BEST and under the control of BEST in accordance with this data privacy declaration.
6. Data Storage:
Personal data will only be stored for as long as necessary to meet the respective purpose and to fulfill regulatory requirements, as a rule for the duration of the respective contractual relationship, including a possible statutory retention period. Deletion usually takes place 10 years after the last contact or upon request. The deletion of data is carried out using state of the art methods in order to ensure that the data are erased permanently.
7. Your Rights:
You are entitled to request information about the personal data we store at any time. If you have provided personal data based on a contract or consent, you are entitled to request and receive this data in a standard and machine-readable format. In justified cases, you are also entitled to request the deletion, correction or limitation of the processing of your data. Any consent provided for the use of personal data may be withdrawn at any time with effect for the future. If the use of your personal data by BEST is carried out on the basis of a balance of interests, you may object to the use of your data. In this case, we will discontinue using your data immediately, unless our interests prevail. You may object to the use of your personal data for direct marketing purposes, e.g. the receipt of mailings, at any time and without reason.
Should you wish to exercise your rights under the laws of data protection, or should you have any questions or queries concerning the use of personal data by BEST or this declaration, you may contact BEST at any time (imprint) or directly via email: firstname.lastname@example.org Questions may also be directed at the data protection authority supervising BEST: Der Hessische Landesbeauftragte für den Datenschutz und die Informationsfreiheit, telephone: +49 611 1408 – 0, telefax: +49 611 1408 – 611, email contact: https://datenschutz.hessen.de/%C3%BCber-uns/kontakt This privacy notice may be updated from time to time as appropriate.