DE

Privacy policy of nucleus partners Rechtsanwälte Partnerschaft mbB

Name and Contact Details of the Controller

nucleus partners Rechtsanwälte Partnerschaft mbB
Neuer Wall 84, 20354 Hamburg, Germany
T +49 40 7412312-0
F +49 40 7412312-99
hamburg@nucleuspartners.de

Processing of Personal Data in the Context of Providing Legal Services to Clients

 Establishment and Implementation of Client Relationships

 If you engage us or act for a company or other organization that engages us, or if we contact you on the basis of a client relationship, we regularly collect the following information:

  • Title, first name, last name

  • a valid email address

  • Address

  • Telephone number (landline and/or mobile)

  • If applicable, position in the company / organization, signing authority, power of attorney

  • if applicable, information that is necessary for the assertion and defense of your rights within the scope of the mandate.

As a rule, this data is collected in order to be able to identify you as our client or as a natural person acting on behalf of our client or as our contact person on the other side, to be able to provide you as our client with appropriate legal advice and representation and to correspond with you.

If you have engaged us, your data will be processed in accordance with Art. 6 (1) (b) GDPR for the stated purposes of processing the mandate and for the mutual fulfillment of obligations arising from the engagement letter. Otherwise, the data will be processed for the purposes of handling the matter on the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Legal Obligations

We will also process your data if and to the extent necessary to comply with our legal obligations, such as obligations under the German Money Laundering Act (Geldwäschegesetz, GwG). For the purposes of preventing money laundering and terrorist financing, we may in particular be obliged to collect and process data to establish your identity and your assets and shareholdings in accordance with Section 10 GwG. The legal basis for this processing of personal data is Art. 6 (1) (f) GDPR.

 Legal Defense

If, in the course of the client relationship, it should become necessary for us to defend ourselves against liability claims or if we have to take action against one of our clients due to outstanding invoices, the processing of personal data necessary for this purpose is based on our legitimate interest in being able to defend our legal position appropriately, Art. 6 (1) (f) GDPR.

Storage Period and Retention Obligations in the context of an Engagement

The personal data collected by us with respect to an engagement will be stored until the expiry of the statutory retention obligation for lawyers (6 years after the end of the calendar year in which the engagement has expired or been terminated) and then deleted, unless we are obliged to store it for a longer period of time in accordance with Art. 6 (1) (c) GDPR due to tax and commercial law retention and documentation obligations (due to HGB, UStG or AO), or further processing is necessary due to ongoing legal disputes, or you have consented to further storage in accordance with Art. 6 (1) (a) GDPR.

Visit our Website

When you visit our website, the following data is stored by our hosting service provider for organizational and technical reasons: The names of the pages you access, the browser you use and your operating system, date and time of access, website from which access is made (referrer URL), name and URL of retrieved files and your IP address.

This information is required in order to deliver the content of our website correctly. In addition, we only evaluate this technical data for statistical purposes in order to constantly optimize our website and make our Internet offers even more attractive. The processing is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection.

The data is stored separately from other personal data on secure systems. No conclusions are drawn about individual persons unless this is necessary to clarify abusive page access. Information from log files is stored for a period of 30 days and deleted immediately after the storage period has expired, unless we are entitled to store it for longer due to special circumstances, for example for reasons of proof in the event of a legal violation. The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the data collection purposes listed above. The aforementioned log files are regularly deleted after 30 days.

It may happen that we link to third-party services on our website. We are not responsible for the processing of your data by these services.

Contact and Data Exchange

Communication by Email and Telephone

For questions of any kind, we offer you the opportunity to contact us by telephone or email. If you provide us with personal data in these ways or via our websites (e.g. via a contact form), we store and use it on the basis of Art. 6 (1) (a) GDPR only to process your inquiries, or on the basis of Art. 6 (1) (b) GDPR if the subject of your inquiry is (pre-)contractual information. You can revoke your consent to the processing of the data provided at any time. All you need to do is send an email to info@nuceluspartners.de. We will then delete your data unless there is a legal obligation to retain it (e.g. if you send us a pre-contractual message via the contact form and we subsequently establish a contractual relationship, or if your message relates to existing contractual relationships).

Audio and Video Conferencing Solutions

We offer you the option of holding audio or video conferences instead of face-to-face meetings. For this purpose, we use the Teams solution from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft regularly processes data in the USA. Microsoft is certified under the EU-US Data Privacy Framework.

When using the audio or video conferencing solution, different types of data are processed, namely master data and contact data. The scope of the data also depends on the data you provide before or during participation in an audio or video conference. Furthermore, meeting metadata such as meeting titles and descriptions, participant IP addresses, device/hardware information, MP4 files of all video, audio and presentation recordings, M4A files of all audio recordings and finally text files when using the chat functions are also stored. If you dial in with the phone, details of the incoming and outgoing call number, country name, start and end time and, if applicable, connection data such as the IP address of the device are saved.

We will of course never make recordings without the prior consent of all participants.

The legal basis for this data processing is our legitimate interest in communicating by means of video conferencing as part of our client work (Art. 6 (1) (f) GDPR).

Disclosure of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

Managing Client Relationships

Insofar as this is necessary in accordance with Art. 6 (1) (b) GDPR for the processing of client relationships with you, your personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts and other public authorities for the purpose of correspondence and for the assertion and defense of your rights.

If necessary for providing legal services to our clients or for the assertion, exercise or defence of legal claims, we also transfer personal data to countries outside the European Union or another contracting state of the European Economic Area (third country) or to an international organization. This may be the case in particular in matters that have a substantive connection to a third country or an international organization (e.g. negotiations with a party based in a third country). Such data transfers are carried out on the basis of Art. 49 (1) (b) or (e) GDPR, unless there are other guarantees for compliance with an adequate level of data protection (such as an adequacy decision by the EU Commission).

Processor

In addition, we commission IT service providers as well as infrastructure and platform service providers to process your data. This data processing takes place within the European Union. Our legitimate interest lies in ensuring the reliable and secure processing of data in the performance of our activities and administration of our law firm with the support of professional service providers.

The attorney-client privilege remains unaffected. Insofar as data subject to attorney-client privilege is concerned, it will only be passed on to third parties to carefully selected service providers who we have specifically obliged to maintain confidentiality in accordance with Section 43e BRAO and who have been informed of the criminal liability of a breach of attorney-client privilege.

Duration of Storage

We process personal data of data subjects in accordance with Art. 17 and 18 GDPR only for as long as is necessary to achieve the underlying purpose or as provided for by law. If the purpose of the storage no longer applies, personal data will be deleted in accordance with the statutory provisions, unless we are obliged (e.g. due to tax and commercial law storage and documentation obligations) or entitled (e.g. due to ongoing legal disputes) to store the data for a longer period of time or you have consented to further storage in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR.

Rights of Data Subjects

You have the right:

  • if we process personal data on the basis of your consent, in accordance with Art. 7 (3) GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller and,

  • if your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation.

If you wish to exercise the aforementioned rights, simply send an email to info@nucleuspartners.de.

You are also entitled to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.