In the course of our mandate work, we process personal data of our (potential) clients, their representatives and employees as well as of opposing parties, their representatives and employees of courts and authorities as well as other persons relevant for the performance of the mandate relationship.
In the following, we inform you about the processing of personal data in the context of the client-lawyer relationship.
Categories of data
The following data is processed within the scope of the client-lawyer relationship:
-
Data we receive to identify our (potential) clients, their beneficial owners, their representatives and persons acting on their behalf
-
Contact details (in particular names, addresses, telephone numbers, e-mail addresses, dates of birth) of (potential) clients, their employees, opponents in proceedings and their employees, representatives and advisors, courts and/or authorities
-
Information we receive for the purpose of advising and representing our clients within the scope of the mandate
-
Data requiring special protection (such as health data or similar)
-
Billing data
Purposes and legal basis of data processing
The law firm is entitled to process the personal data entrusted to it within the scope of the mandate relationship in accordance with the provisions of the applicable data protection law (in particular GDPR and the German Data Protection Act (BDSG)). This data is processed exclusively for the purpose of identifying the client, processing the client's enquiries, processing the contracts concluded with the client, corresponding with the client, informing the client about legal news and services of the law firm, complying with professional regulations, avoiding conflicts of interest, for the purpose of quality and risk management, accounting and/or in connection with the provision of other administrative and IT support services ("processing purposes").
The processing of personal data collected by the law firm is based on the following legal grounds:
-
The client has given his explicit consent pursuant to Art. 6 (1) p. 1 lit. a GDPR.
-
The processing is necessary to protect the legitimate interests of the law firm pursuant to Art. 6 (1) sentence 1 lit. f GDPR.
-
The processing is carried out on the basis of a legal obligation pursuant to Art. 6 (1) sentence 1 lit. c GDPR.
-
The processing is legally permissible and is necessary for the handling of contractual relationships with the client pursuant to Art. 6 (1) sentence 1 lit. b GDPR.
The legitimate interests of the law firm, on the basis of which personal data may be processed pursuant to Art. 6 (1) sentence 1 lit. f GDPR, are:
-
The pursuit of our business activities, which includes, among other things, informing the client about legal news and services of the law firm. In this regard, the client has the right to object in accordance with Art. 21 GDPR,
-
Legal advice, assertion, exercise or defense of legal claims.
Data processing in the context of online conferences in the client relationship
We use Microsoft Teams to conduct telephone conferences, online meetings and video conferences. Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
We process your personal data insofar as this is necessary to carry out the contact via Microsoft Teams (video conference, chat). This includes the following categories of data:
- Personal data (surname, first name, email, contact details)
- Image data (photos, videos)
- Sound recordings
- Data we need to fulfil our contractual obligation (consultancy, etc.)
The purpose of the processing is efficient communication and the fulfilment of our obligations arising from the client relationship. The legal basis for data processing in connection with our online conferences is Art. 6 para. 1 sentence 1 lit. a GDPR, or Art. 6 para. 1 lit. f GDPR. Insofar as you have given us your voluntary consent to the collection, processing or transmission of personal data for specific purposes, this consent forms the legal basis for the processing of this data.
Consent given can be revoked at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.
Microsoft Teams is a service provided by a provider from the USA. By concluding so-called standard data protection clauses (SDC) in accordance with Art. 46 Para. 2 lit. c GDPR, this provider has agreed to ensure a comparable level of data protection for data transfers to the USA. Here you can find further information about privacy and Microsoft Teams.
Storage period
The personal data provided by the client may be stored by the law firm from the time of their transmission. The client's personal data processed by the law firm will be deleted as soon as their storage is no longer necessary for the purposes set out above. The time of deletion of the personal data, or the duration of their storage, is based on the following criteria:
-
In the case of legal storage and documentation obligations, due to which the law firm is obliged to store the data, according to their duration
-
According to the duration of the business relationship, insofar as this is necessary within the framework of the above-mentioned purposes
-
According to the statutory limitation periods
A longer storage period results in cases in which the client has consented to further storage in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR.
Recipients of the data
Under the aforementioned conditions, the law firm may forward the client's data to the following categories of recipients in particular: Courts, bailiffs, opponents, lawyers, appraisers, insurance companies, authorities, insolvency administrators, tax advisors, auditors, notaries, banks, Infogreffe, Medialex, service providers in connection with statutory registers, translators, interpreters, IT service providers, postal companies. It should be noted that this list is not exhaustive. The IT support of the law firm is currently provided by Navacom IT Solutions GmbH & Co. KG, Sudetenstraße 67, 50354 D-Hürth (HRA Köln 27973).
Your rights
Upon written request or by e-mail, the law firm will inform the client free of charge about the personal data received and stored. In addition, the client has the right to correction, deletion, transfer or restriction of the processing of his personal data in accordance with the statutory provisions. Enquiries concerning all data protection obligations of the law firm should be addressed in writing to QIVIVE Rechtsanwaltsgesellschaft mbH, Konrad-Adenauer-Ufer 71, 50668 Cologne or to the e-mail address: privacy@qivive.com.
Insofar as the processing of his data is based on his consent, the client has the right to revoke his consent with effect for the future at any time. This has the consequence that the law firm may no longer continue the data processing based on this consent for the future.
The client has the right to lodge a complaint with the competent supervisory authority if he or she is of the opinion that the processing of his or her personal data is unlawful. The competent authority at the seat of the law firm is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordhrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia), Kavalleriestraße 2-4, 40213 Düsseldorf, Tel. 0211-384240, e-mail poststelle@ldi.nrw.de.
The firm's mail server transmits all outgoing e-mails to an e-mail gateway with active TLS/SSL encryption. The client consents to e-mail correspondence with him/her without end-to-end encryption, unless the client objects or revokes his/her consent to this procedure, or if a risk to the client's interests would be directly recognisable to the law firm from the circumstances. The client's attention is drawn to the fact that communication via electronic media such as e-mail and fax involves a loss of confidentiality and data security. The client may at any time request that the law firm in future only correspond with him by letter post.
By entering into the retainer agreement, the client agrees to be informed by e-mail or post about legal updates and services provided by the firm. The client may revoke his consent to receive this information at any time with effect for the future.