Privacy policy for website visitors and clients
1. What is data protection?
The subject of data protection is the protection of your personal data. This is information about the personal or factual circumstances of a natural person (e.g. name, address, telephone number, date of birth, e-mail address, IP address and time). Information for which the law firm cannot establish a link to your person or can only do so with disproportionate effort, for example after anonymization, is not personal data. The law firm may only process your personal data if this is permitted by your consent or a legal provision. You can find out more about the legal basis under the section „On what legal basis is my data processed?“.
2. Who processes my data?
Controller:
Jonas Breyer
Attorney at law
Certified data protection officer (FFD)
Klagenfurter Ring 2FA
65187 Wiesbaden
Germany
3. Which of my data does the law firm process?
3.1 Internet data
The following data is processed each time the website is accessed:
- requested page
- previously accessed page (referrer)
- name of the Internet browser
- languages supported by the browser
- screen resolution
- IP address, and
- time.
3.2 Mandate data
In the case of a mandate, the law firm processes what also concerns third parties:
- Title
- Name
- Date of birth
- Address
- E-mail address
- Telephone and fax number
- for legal entities also legal form and legal representatives, and
- Information required for processing the mandate.
4. Why is my data processed?
4.1 Internet data
The data collected when the website is accessed is processed for the correct provision of the web pages accessed.
4.2 Mandate data
Client data is processed in order to identify, advise and represent clients, to correspond with them and to settle accounts. It may also be used to process liability claims and to assert claims against clients.
5. To whom does the law firm pass on my data?
5.1 Internet data
The data collected when the website is accessed is disclosed to technical service providers, in particular the hosting company, insofar as this is necessary for the above-mentioned purposes. In individual cases, data may also be disclosed to law enforcement and security authorities.
5.2 Mandate data
Insofar as this is necessary for the handling of the client relationship, data can be passed on to third parties. Personal data may be passed on to opposing parties and their lawyers, courts and authorities. Data may also be transferred to other non-public bodies involved in the processing of the mandate (e.g. banks, tax consultants, lawyers, shipping, transportation and telecommunications companies). Recipients may also be public bodies that require data due to legal regulations (e.g. social insurance institutions, tax authorities). The attorney-client privilege remains unaffected.
6. What is the legal basis for processing my data and do I have to provide the data?
6.1 Internet data
The data collected when the website is accessed is processed on the basis of Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council, the so-called General Data Protection Regulation (GDPR) (safeguarding the legitimate interests of the data controller). The legitimate interest is that the website cannot be displayed or cannot be displayed correctly according to the current state of the art without processing the aforementioned data. You are under no legal obligation to provide the aforementioned data. If you do not wish to provide the data, you can use an anonymization service. If you do not wish to do this either, you will not be able to use the website.
6.2 Mandate data
The processing of data for mandate processing is carried out on the basis of Art. 6 para. 1
- Letter b (contract with the data subject),
- Letter c (legal obligation, such as payment of taxes),
- Letter f (protection of legitimate interests, for example in the case of opponent data) and
- Letter a (consent, for example to the electronic sending of invoices)
GDPR. There is no legal obligation to provide the aforementioned data. However, if the data is not provided, it may not be possible to process the mandate in full.
7. How long does the law firm process my data?
7.1 Internet data
The law firm only stores your data for the duration of the respective page transmission, after which it is anonymized by shortening the IP address.
7.2 Mandate data
The law firm stores client data until the mandate is concluded. Thereafter, it is stored in accordance with statutory retention regulations. For example, accounting documents must be stored for 10 calendar years, incoming and outgoing business letters, other tax documents and client files for 6 calendar years (§ 147 Tax code, § 257 Commercial Code, § 50 Federal Lawyers‘ Act). In the event of a conflict, the longer retention period applies.
8. How is my data protected?
In the interest of the security of your data, the Breyer law firm has been processing your data exclusively on Linux-based systems since 2018. The highly available and secure servers for the website, the BreyerCloud and VideoMeetings are also Linux-based and are located in Germany; the hosting providers and their direct and indirect shareholders are based in Germany or Austria.
All servers mentioned encrypt data during transmission (transport encryption). In the BreyerCloud, encryption of data at rest (AES 256) and password protection (SHA 256) are added. The law firm’s end devices also transmit data via an encrypted virtual private network (AES 256). End-to-end encryption via PGP is available for incoming and outgoing emails. End-to-end encrypted phone calls, chats and video meetings are possible via BreyerCloud, Matrix and Threema.
9. What rights do I have as a data subject?
In accordance with Art. 7 GDPR, you have the right to withdraw your consent at any time with effect for the future./p>
In accordance with Art. 15 GDPR, you can request information about the personal data stored about you.
Furthermore, you can request the rectification of your data in accordance with Art. 16 GDPR, for example in the event of incorrect storage.
In accordance with Art. 17 GDPR, you have the right to erasure, for example if the law firm stores data for longer than permitted.
In accordance with Art. 18 GDPR, you have the right to restrict processing, for example if the accuracy of your data is disputed.
In accordance with Art. 20 GDPR, you may receive the data provided in a structured, machine-readable format or request that it be transmitted to another controller.
In accordance with Art. 21 GDPR, you can object at any time to the processing of your data processed to safeguard legitimate interests (Art. 6 para. 1 letter f GDPR), insofar as there are reasons arising from your particular situation. You can object to the processing of your personal data for scientific or historical research purposes or for statistical purposes at any time for the same reasons.
In accordance with Art. 21 GDPR, you can object to the processing of your data for the purpose of direct marketing at any time.
In accordance with Art. 77 GDPR, you have the right to contact the data protection supervisory authority. The competent authority is the Hessian Data Protection Officer in accordance with the Hessian Data Protection and Freedom of Information Act.
Status: 03.04.2023.