Data Protection Declaration

Privacy policy

The protection of your data is a high priority for OPPENLÄNDER.

In the following, we inform you about the type and scope of the processing of personal data when using our Internet offer (under II.), in the context of a mandate relationship (under III.), for direct marketing purposes (under IV.), for job applications (under V.) as well as for participation in events (under VI.).

I. Name and contact details of the controller and the data protection officer

Responsible for the processing of personal data at OPPENLÄNDER is:

OPPENLÄNDER Rechtsanwälte Partnerschaft mbB.
Börsenplatz 1 (Friedrichsbau)
70174 Stuttgart
Telephone: +49 (0)711/60187-0

OPPENLÄNDER's data protection officer can be reached at the above postal address and by e-mail at datenschutz(at)oppenlaender.de.

II. Data processing for our Internet offer

The use of our Internet pages is generally possible without providing personal data. We collect your personal data only to the extent necessary to provide our Internet service.

Personal data is processed in the following cases:

1. calling up our Internet site Due to the system, when you call up our Internet pages, information is collected and stored in so-called server log files, which your browser automatically transmits to us. These are:

• IP address of the retrieving end device,
• Date and time of the call,
• name and URL of the retrieved file,
 • Message whether the retrieval was successful,
• Amount of data transferred,
• Referrer URL (Internet page from which the access was made) or name of the access provider,
• browser used and operating system.

The data in the log files are always stored separately from other data; they are not merged with other data sources.

This data, insofar as it is personal data, is processed on the basis of Art. 6 Para. 1 Sentence 1 lit. f) GDPR for the delivery of the contents of our website as well as to ensure the functionality of our information technology systems, to optimize our Internet pages and to evaluate system security and stability. The data is stored for a maximum period of seven days and then deleted.

2. online registration for events

On our Internet pages or by way of individual communication (e.g. by e-mail, telephone, fax, etc.), you may have the opportunity to register online for selected events. To do this, you must enter your surname and first name, your e-mail address and your company in a registration mask or in individual communication. You can optionally provide further details (telephone number or position).

We process the data you provide on the basis of Art. 6 (1) sentence 1 lit. b) or lit. f) GDPR in order to register you for participation in the desired event, to inform you of any changes regarding the time and place of the event and, if necessary, to send you the event documents in electronic form after the event.

In addition, we reserve the right to process the data provided to us by you on the basis of Art. 6 (1) sentence 1 lit. f) GDPR in order to inform you by mail about further events of OPPENLÄNDER Attorneys at Law as well as about new legal developments and legal amendments. If you do not wish to receive event invitations or information letters from us in the future, you can object to the processing of your data for these purposes at any time by sending a message to the contact details mentioned in Section I without giving any reasons with effect for the future.

For more information on your right to object in accordance with Art. 21 GDPR, please refer to Section VIII.

3. use of cookies

No cookies are used on our Internet pages. Tracking of your visit to our Internet pages does not take place, nor does the creation of user profiles using pseudonyms.

III. mandate-related data processing

Within the framework of the initiation of a mandate or the granting of a mandate, we collect personal data from the following

- of the client or the contact persons designated by our client, in particular surname and first name as well as contact data (telephone number, e-mail address, fax) of the client or the contact persons;
- from third parties whose personal data are related to the initiation of the mandate or the granting of the mandate, such as data of shareholders, business or contractual partners of the client, of consultants, of potential opponents in a legal dispute;
- of employees in the judiciary, such as authorities and courts, as well as
- other parties involved, such as witnesses, experts, etc.

We process the data collected by us for the purposes of checking the conflict and deciding whether to accept the mandate, for processing the mandate, for invoicing, for defending against or settling any liability claims and for asserting any claims of our own arising from the mandate relationship.

Insofar as we do not receive the personal data directly from the data subject, the data originate from our clients, from courts or authorities (such as pleadings, information, etc.), other third parties (such as witness statements, opinions of experts, etc.) or from publicly accessible sources (such as registers, websites, etc.).

Legal bases of the processing are:

• Art. 6 (1) sentence 1 lit. b) GDPR, insofar as personal data of a contractual partner (client) are processed and the processing is necessary for the acceptance and processing of the mandate as well as for the fulfillment of the mutual obligations arising from the mandate agreement.
• Art. 6 (1) sentence 1 lit. c) GDPR, insofar as the processing of your data is necessary for the fulfillment of legal obligations (such as under the Money Laundering Act, for the performance of collision checks, etc.).
• Art. 6 (1) sentence 1 lit. f) GDPR, insofar as the processing of your data is necessary to protect our legitimate interests, in particular to assert or defend legal claims arising from the client relationship.

The personal data collected by us will only be stored for as long as is necessary to achieve the purpose for which the data was collected. This is regularly no longer the case when the mandate has been concluded and possible warranty claims have expired and we are not obliged to store data beyond this period due to retention obligations resulting from the professional law of lawyers or from tax and commercial law regulations, or we have not expressly consented to storage of the data beyond this period in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

Insofar as we have been granted permission to speak about individual mandates with the relevant industry services for commercial law firms (e.g. JUVE, Legal500, Chambers), we reserve the right to name clients or contact persons as reference persons and to transmit the name and first name, company and position, postal address, e-mail address and telephone number of the reference person to the respective industry services for this purpose. This data may be used by the industry services to contact the persons concerned and to ask them about their cooperation with OPPENLÄNDER. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR.

A publication of personal data in the context of reporting on individual mandates on our homepage only takes place if the data subjects have expressly consented to this on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR.

IV. Data processing for direct marketing purposes

We reserve the right to process personal data provided to us within the scope of the client relationship - i.e. surname, first name, postal address and, if applicable, further information voluntarily provided to us (position, industry, legal fields) - in order to send our client or contact person invitations to OPPENLÄNDER events relevant to him/her and information on new legal developments or general information by mail. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR.

We only use the e-mail address provided to us for direct marketing purposes if the data subject has expressly consented to this. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a) GDPR.

Each client or contact person may at any time object free of charge and with effect for the future to the processing of personal data relating to him for direct marketing purposes by sending a message to the contact details given in Section I. or by using a link provided for this purpose in an e-mail sent by us or by revoking his consent to this.

V. Data processing in case of applications

In the case of applications to OPPENLÄNDER, we process the personal data provided to us by the applicant, in particular personal data (name, date and place of birth, photo if applicable, and other personal details), address and contact data (address, e-mail, telephone, mobile), certificates of qualification (school reports, examinations and diplomas, job references, further training certificates) and CV data. The data is processed exclusively for the purpose of processing the application, in particular for carrying out the application process as well as for deciding whether to hire you at OPPENLÄNDER. Legal bases are § 26 para. 1 BDSG and Art. 6 para. 1 sentence 1 lit. b) GDPR.

Applicants' data are regularly deleted if they are not hired and are usually stored for a period of six months, unless the applicant has expressly consented to the data being stored beyond this period.

VI. Data processing for participation in events

We reserve the right to take photographs or video recordings at selected events organized by OPPENLÄNDER Attorneys at Law in order to capture impressions of the event. The images taken will be processed exclusively for the purpose of event documentation and reporting on the event (including in print media or on the website of OPPENLÄNDER Attorneys at Law). The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. If a participant does not consent to being photographed during the event or to being recognized in the context of reporting on the event, this person may object to the processing of his/her data pursuant to Art. 21 (1) GDPR (cf. VII.), inter alia by informing a contact person of OPPENLÄNDER Attorneys at Law or the person taking the photograph directly on site.

VII. Transfer of Personal Data to Third Parties | Third Country Transfer

As a matter of principle, personal data will not be passed on to third parties - unless stated before or elsewhere. In particular, we do not pass on personal data to recipients based outside the European Union or the European Economic Area, unless such a transfer is necessary in connection with the processing of a client relationship or it takes place in agreement with the client or at the client's express request. In this case, the data subject will be informed separately about the processing of his/her personal data.

Insofar as this is necessary for the processing of client relationships in accordance with Art. 6 Para. 1 Sentence 1 lit. b) GDPR, personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence as well as the assertion and defense of our clients' rights.

In some cases, we use external service providers for the processing of personal data within the scope of commissioned processing pursuant to Art. 28 GDPR (e.g. in the area of IT services, translations or file destruction). These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

At most, in exceptional cases and only within the scope of legal regulations, personal data is passed on to supervisory and law enforcement authorities, insofar as it is necessary for the prevention and detection of fraud and other criminal acts. Legal bases for this are Art. 6 para. 1 sentence 1 lit. c) and f) GDPR.

VIII. Data subject rights

Insofar as we process personal data, the data subjects are entitled to the following rights:

Right of objection

Insofar as processing is based on Art. 6 (1) sentence 1 lit. f) GDPR ("legitimate purposes"), the data subject may object to the processing of his or her personal data in accordance with Art. 21 GDPR.

We will then no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

The processing of personal data for advertising/marketing purposes can be objected to at any time - without giving reasons. The data concerned will then no longer be processed for advertising/marketing purposes.

Revocation of consent

Insofar as personal data has been provided to us on the basis of consent, data subjects have the right to revoke their consent under data protection law at any time without stating reasons by sending a message to the office named in Section I. This applies in particular to consent for advertising/marketing purposes. This applies in particular to consent to the processing of personal data for e-mail and telephone marketing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the declared consent until the revocation.

Further data subject rights

In addition, data subjects may - if the respective legal requirements are met - claim the following rights:

• Right to information about the processing of personal data concerning them, about the purposes of processing, the categories of data and their origin if the data were not collected directly, the categories of recipients of personal data, the planned storage period and the data subject rights (cf. Art. 15 GDPR);
• Right to rectification of inaccurate or incomplete personal data, insofar as the data about the data subject are not (or no longer) accurate or incomplete (cf. Art. 16 GDPR);
• Right to erasure of personal data, in particular if the data is no longer necessary for the purposes for which it was collected and we are not obliged to retain the data due to legal or contractual requirements (cf. Art. 17 GDPR);
• Right to restrict the processing of personal data (cf. Art. 18 GDPR);
• Right to data portability with regard to personal data provided to us by the data subject in a commonly used, machine-readable format or to the transfer of such data to another controller (cf. Art. 20 GDPR).

In order to exercise the aforementioned rights, certain conditions must be met. For a better understanding and easier readability of the data subject rights, we have summarized them here in parts. If required, please refer to the original text or contact our data protection officer directly.

Right of complaint to the supervisory authority

Data subjects also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State where the data subject has his or her habitual residence or place of work or where an alleged violation of applicable data protection laws has occurred (cf. Art. 77 GDPR). The supervisory authority responsible for us is the:

State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.
Lautenschlagerstraße 20
70173 Stuttgart
E-mail: poststelle@lfdi.bwl.de.

IX. Data security | Encryption of e-mail communication

We take appropriate technical security measures to protect the data entrusted to us from loss, destruction, disclosure and access by unauthorized persons and always adapt these measures to technical developments. However, we would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

We offer our clients, in particular, the option of exclusively using encrypted e-mails for client-related communication. We will be happy to provide more detailed information on this upon request.

X. Links to Internet pages of third parties

We link to websites of other providers not affiliated with us (third parties). We would like to point out that we have no influence on what data is processed by these providers when you click on these links. Since data processing by third parties is beyond our control, we cannot accept any responsibility for this. For more information on the processing of your data by these third parties, please refer to the data protection information of the respective provider.

XI. Adjustments to the data protection information

We will revise our information on the processing and protection of your personal data from time to time in order to adapt it to the state of the art or to changes in general conditions. We therefore recommend that you regularly check our website for any changes.

Status: January 2022