Seitz Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB, Aachener Straße 621, 50933 Cologne ("Seitz", "we", "us", "our") takes its responsibility for data protection and information security very seriously. The careful handling of all personal data is a core part of our business and the basis for our procedures and processes. Not only regarding the applicable data protection regulations, but also out of our commitment to our clients, we have established procedures to create the best possible compliance and effective risk management.

With this Privacy Notice we would like to inform you about the processing of your personal data in connection with your visit and use of this website as well as the use of our services.
This Privacy Policy does not exempt from complying with, nor does it supersede, the requirements of any respectively applicable law. In the event of any conflict between any provision or regulation of applicable law and any provision of this Privacy Policy, the former shall prevail.

Unless otherwise specified below, the data controller for the processing of your personal data is Seitz Rechtsanwälte Steuerberater PartG mbB, Aachener Straße 621, 50933 Cologne, Germany.

In this section we inform you about the processing of personal data in connection with your visit to our website and its use.

  • For what purposes do we process your data?

    When you visit our website, your browser will contact our web server to find the page you want to visit. In this context, personal data such as your IP address will be transmitted to us by your browser (i.e. HTTP/S-requests). The connection data is processed by our web server to enable access to and display of our website.

    Our web server automatically stores a log of the pages you visit (known as "log files" or "session logs"). We use these log files to ensure the security of our website, in particular to prevent unauthorised intrusions into our website and to enable us to exercise our legal rights and obligations in relation to such unauthorised intrusions.

    We also analyse session logs in order to optimise our website. The analysis as such takes place in anonymous form, so that the results do not allow any conclusions to be drawn about you as an individual.

  • On what legal basis do we process your data?

    The legal basis for processing your data when surfing our website regularly depends on the purpose of your visit. Insofar as you wish to inform yourself about our offers on our website and, if applicable, contact us for an assignment, the legal basis is Art. 6 para. 1 lit. b) GDPR (initiation of a contract). For general information purposes in other respects, the legal basis is our legitimate interest in operating a website for general information and communication purposes and for presenting our law firm, and your legitimate interest in viewing it (Art. 6 para. 1 f) GDPR). The processing of log files is based on our legitimate interests according to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to protect our facilities and systems from attacks and, if necessary, to take legal action against attackers, as well as to further develop our websites for economic purposes.
     

  • To whom is your data passed on or who is involved in the processing of your data?

    Our IT department has access to log files and will share them with our internal and external recipients, including the appropriate authorities, as necessary to exercise our legal rights regarding unauthorized intrusions into our website.

    Our website is operated via servers of the company "NetBuild GmbH", Alfred-Nobel-Allee 38, 66793 Saarwellingen, which acts as a service provider for hosting services on our account (Art. 28 GDPR).

  • Will your data be transferred to a third country or an international organisation?

    We do not transfer your personal data to any third country or international organisation in connection with your visit to our website.

  • How long will your data be stored?

    The log files are stored for 14 days. All other data is deleted immediately after the HTTP/S call has been executed.

  • Is there an obligation for you to provide your data and what happens if you decide not to?

    Without the processing of the aforementioned personal data, you will not be able to view or visit our website.

  • Who is the responsible controller for the Google Maps service under the GDPR?

    We use the map service "Google Maps" on our website. We have marked the location of the law firm in Cologne on Google Maps and embedded this map on our website under "Contact".
    The company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) acts as controller within the meaning of the GDPR. We have no access to the data collected by Google as part of the map service. Any data processing is solely determined by Google. In the interest of the best possible transparency, we would nevertheless like to provide you with some information on data processing in connection with the Google Maps service. For more information, please refer to Google's privacy policy (available at policies.google.com/privacy ).

  • For what purposes is the Google Maps service used?

    We have marked the location of the law firm in Cologne on Google Maps and embedded this map on our website under "Contact" to enable visitors to find the location quickly and to render our website more attractive.
     

  • On what legal basis do we process your data?

    From Seitz's perspective, the processing of your personal data in connection with the Google Maps service serves legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to optimise our website to promote our business purposes and to enable visitors to quickly find the location of the law firm in Cologne. For more information on the legal basis for the processing of your personal data, please refer to the privacy policy of Google as the Controller (available at policies.google.com/privacy).
     

  • To whom is your data passed on or who is involved in the processing of your data?

    We do not have access to your personal data in connection with the Google Maps service and do not share any information with third parties. For more information about how Google, as the controller, shares your personal data, please see Google's privacy policy (available at policies.google.com/privacy).
     

  • Will your data be transferred to a third country or an international organisation?

    We do not transfer your personal data in connection with the Google Maps service to a third country or an international organisation. If the Google Maps service connects to servers of Google as the controller and personal data is transmitted by you for this purpose, you will find further information on this in the Google privacy policy (available at policies.google.com/privacy).
     

  • How long will your data be stored?

    We do not store any personal data in connection with the Google Maps service. Further information on the storage of your personal data by Google as the controller can be found in Google's privacy policy (available at policies.google.com/privacy).

  • Is there an obligation for you to provide your personal data and what happens if you decide not to?

    You are not obliged to provide your personal data. However, without processing your personal data, the use of our website seitzpartner.de and the map service Google Maps embedded on the website is not possible.
     

In this section of our privacy policy, we would like to inform you about the processing of personal data in connection with our social media presences. We also provide information on how we ensure compliance with the GDPR (and other data protection regulations with the same effect).

  • Who is the responsible controller in relation to our social media presence under the GDPR?

    We maintain social media presences on various platforms (e.g. LinkedIn, Talent Rocket).

    In this context, the respective platform operator is primarily responsible under data protection law (controller). Information about data processing can be found in the respective social media providers’ data protection notices:

    LinkedIn: https://de.linkedin.com/legal/privacy-policy

    TalentRocket: https://www.talentrocket.de/datenschutz

    Seitz acts as joint controller under data protection law (Art. 26 GDPR) with the operator of the social media platform for the following processing operations:

    • Evaluation of statistics on the usage behavior of visitors. This data is regularly only available to us anonymously.
    • Interacting with our social media team or responding to our posts (e.g. through comments, likes, etc.).
  • For what purposes is data processed?

    Visits to our social media sites, user statistics

    When you visit our social media sites - regardless of whether you are logged in - the respective social media provider collects personal user data (usage data), some of which is shared with us in the form of user statistics. However, we do not have full access to collected data or your profile data.

    For example, the following information may be provided to us anonymously:

    • Followers/fans etc.: Development of the number of people who follow Seitz.
    • Reach: e.g. number of people who see a specific post.
    • Ad performance (if relevant): How many people have seen an ad?
    • Demographics: average age of visitors, gender, place of residence, language.

    However, we cannot draw any conclusions about individual users from the usage data. Statistics are only used to improve the online offer on our social media sites and to better respond to user interests.

    Interaction

    If you interact with us via the social media presences, e.g. by sending us an application or other message or commenting on posts, the corresponding content of the interaction will be processed by Seitz. In addition, Seitz may be able to see the public information of your profile, which you can manage yourself. 

  • On what legal basis do we process your data?

    The legal basis for the above-mentioned processing by Seitz in connection with job applications is generally Section 26 para.1 sentence 1 of the German Data Protection Act - BDSG (necessity for the decision on the establishment of an employment relationship). 

    Apart from that, Art. 6 para. 1 lit. f) GDPR (our legitimate interest to conduct business correspondence or e.g. to answer inquiries about us as an employer) is the legal basis for the processing.

  • To whom is your data passed on or who is involved in the processing of your data?

    Your data will only be used or forwarded by us internally by the respective responsible persons. For information on who is involved in the processing of data at the respective social media provider, please refer to the privacy policy of the respective social media network.
     

  • Will your data be transferred to a third country or an international organisation?

    We do not transfer your personal data to any third country or international organization in connection with our social media presences.

    It is possible that an operator of social media platforms connects to servers in third countries (e.g. USA) as part of its services and transmits your personal data there. You will find information on this in the privacy policy of the respective social media provider.

  • How long will your data be stored?

    As a matter of principle, we do not store any personal data on the servers we use in connection with our social media sites, except in the cases mentioned below in which we process your information internally (direct communication, e.g. applications). In these cases, the explanations given in section 7 apply to job applications, and the explanations given in section 8 apply to other communication. 

    We also regularly have access to the data stored by the respective social media platform. For more information on the storage of your personal data by the operator of the social media platform itself, please refer to the privacy policy of the respective social media provider.

  • Is there an obligation for you to provide your personal data and what happens if you decide not to?

    You are not obliged to provide your personal data. However, without processing your personal data, the use of our social media presences is not possible or only possible to a limited extent.

In this section of our Privacy Policy, we would like to inform you about the processing of personal data in the provision of legal and tax advice ("Advice") and legal services. We also provide information on how we ensure compliance with the GDPR (and other data protection legislation with the same effect).

  • For what purposes do we process your data?

    We process personal data in relation to a legal matter ("Mandate Data") for certain specific purposes, including:

    • for providing Advice to our clients and processing the mandate
    • for compliance with our obligations under applicable laws and regulatory requirements in the jurisdictions in which we operate
    • for operational purposes (e.g. keeping internal records, bookkeeping, invoicing and tax compliance)
    • for the fulfilment of certain legal obligations (e.g. disclosure obligations and compliance with court orders, if applicable)
  • Whose personal data do we process when handling a mandate?

    Depending on the circumstances of the case, personal data of different data subjects may be processed, including data of:

    • Clients and their respective mandate holders, representatives, and employees
    • Counterparties or contractual partners of our clients and their respective mandate holders, representatives, and employees
    • Other advisors, consultants and freelancers dealing with the mandate, as well as their respective mandate holders, representatives, and employees
    • Our partners and employees
    • Third parties such as court personnel, witnesses and other natural persons involved in the mandate.
  • What categories of personal data are processed as "Mandate Data"?

    Depending on the nature of the mandate and the information provided to us or obtained in the course of the mandate, Mandate Data may include different types of personal data. The types of personal data we normally process in relation to a mandate include client contact details and communications data.

    Depending on the mandate, we also process "special categories of personal data" within the meaning of Article 9 para. 1 of the GDPR (e.g. health data) and personal data relating to criminal convictions and offences or related security measures within the meaning of Article 10 of the GDPR. Of course, we limit the processing of personal data and in particular sensitive personal data to the minimum necessary..

  • On what legal basis do we process personal data?

    • The basis for the processing of client data by us is usually our legitimate interests in providing our (Advisory) services to our clients (Art. 6 para. 1 lit. f) GDPR). This processing is also necessary to protect the legitimate interest of our clients in receiving advisory services and, if applicable, representation by us.
    • We also have a legitimate interest in processing client data in order to fulfil certain obligations in connection with the operation of our firm, such as maintaining our client relationships and record keeping and invoicing and for tax purposes (Art. 6 para. 1 lit. c) GDPR).
    • We also process client data to comply with our legal obligations under applicable laws.

    We process special categories of personal data where necessary:

    • for the assertion, perception, or defence of legal claims,
    • on the basis of your consent,
    • in the context of labour law and social security law,
    • in the context of personal data published by the data subject

    and/or for reasons of public interest in connection with a statutory provision.

  • What sources of personal data do we use?

    In connection with a mandate, our clients normally provide us with personal data which we need to process the mandate in our capacity as legal advisors.

    However, we may obtain certain personal information from other sources, such as public records and databases, judicial and public records, and our communications with third parties and other counsel involved in the matter.

  • To whom is your data passed on or who is involved in the processing of your data?

    In the course of our work on a mandate, we share certain personal data where necessary and subject to appropriate conditions of confidentiality and data protection:

    • if necessary, on a case-by-case basis, with other freelance consultants, including those working with us on a mandate
    • with other parties who supply goods or provide services to us for the purpose of supporting our work on a mandate (e.g. providers of legal technology) or in connection with the administration of Seitz's activities in the normal course of the firm's business; and/or
    • with our freelance consultants and insurers if the provision of their services is necessary for us.
  • Will your data be transferred to a third country or an international organisation?

    Where applicable, we share business development data within our seitz.global network and with certain third parties who assist us in managing our activities in the regular course of our partnership. Appropriate safeguards for the transfer of personal data are provided through standard contractual clauses. This processing is based on your consent or that the transfer complies with data protection law for other reasons. In addition, we at Seitz have established binding data protection and information security policies that govern all of our internal data processing operations.

  • How long will your data be stored?

    We only retain personal data for as long as there is a legitimate reason or other legal ground for doing so, and we will review these legal grounds regularly. We regularly review the existence of a reason for retention. If there is no longer a legal reason to retain the data, we will securely delete or in some cases anonymise personal data.
     

  • Is there an obligation for you to provide your personal data and what happens if you decide not to?

    If you do not provide us with your personal data, we will not be able to carry out the contractual relationship or fulfil the above-mentioned communication purposes.

In this section of our privacy policy, we would like to inform you about the processing of personal data in connection with advertising for our services. We also provide information on how we ensure compliance with the GDPR (and other data protection regulations with the same effect).

  • For what purposes do we process your data?

    In carrying out our partnership business, we promote our business development with existing and potential clients and other relevant third parties in a number of ways. For these purposes, we process certain "business development data", such as:

    • Contact details (e.g. name, business address, telephone numbers, e-mail address, position)
    • Data about (marketing) preferences and areas of interest and/or 
    • Data on previous involvement in marketing initiatives.

    This data is provided either directly by the relevant data subject or through other business contacts and sources (e.g. business information services, public registers).

  • On what legal basis do we process your data?

    The processing is based on our legitimate interest to pursue business development interests or, if applicable, to carry out pre-contractual measures that take place at the request of the data subject (Art. 6 para. 1 lit. f), Art. 6 para 1 lit. b) GDPR).

  • To whom is your data passed on or who is involved in the processing of your data?

    On a case-by-case basis, we share certain business development data with our business partners (e.g., cooperating law firms in our seitz.global network) and certain other parties who assist us in our business development activities in the normal course of law firm operations (e.g., marketing service providers).
     

  • Will your data be transferred to a third country or an international organisation?

    Where applicable, we share business development data within our seitz.global network and with certain third parties who assist us in managing our activities in the regular course of our partnership. Appropriate safeguards for the transfer of personal data are provided through standard contractual clauses. This processing is based on your consent or that the transfer complies with data protection law for other reasons. In addition, we at Seitz have established binding data protection and information security policies that govern all of our internal data processing operations.

  • How long will your data be stored?

    We retain personal data for as long as there is a legitimate reason or other legal ground for doing so. We regularly review the existence of a reason for retention. If there is no longer a legal reason to retain the data, we will securely delete or in some cases anonymise personal data.

  • Is there an obligation for you to provide your personal data and what happens if you decide not to?

    If we collect business performance data directly from you, you have full discretion over how and what you disclose to us. There are no negative consequences for you if you do not provide us with business development data.
     

In this section of our privacy policy, we would like to inform you about the processing of personal data in the context of an application procedure. We also provide information on how we ensure compliance with the GDPR (and other applicable data protection regulations with the same effect).

  • For what purposes do we process your data?

    Application by e-mail

    On our website, we offer you the opportunity to apply by e-mail for a vacancy in our law firm. Personal data such as name, contact details, training data and information on professional experience ("applicant data"), which you provide to us as part of your application, will be treated confidentially and stored and used electronically solely for the purpose of processing the application and, if applicable, for the implementation of the subsequent employment relationship. We require the data processed as part of the application process for the possible conclusion of an employment relationship or the decision on your employment. We process this personal data in order to check your suitability for the relevant position, for the purpose of processing the application and for contacting you.

    Application via a social media presence

    In the event of an application via social media presences, the statements made under point 4 shall apply, in particular with regard to joint controllership.

  • What sources of data do we use?

    Generally, we receive all applicant data directly from you.

    When we conduct pre-employment checks, we also receive data from third parties (e.g. previous employers or other references).

  • On what legal basis do we process your data?

    In general, the processing is based on the fact that we carry out pre-contractual measures upon your request as a data subject or fulfil a contract concluded with you (Art. 6 para. 1 lit. b) GDPR). Furthermore, the processing is based on relevant national regulations on data protection in the employment context (in particular Section 26 German Data Protection Act - BDSG).

    Some applicant data is processed to ensure compliance with certain obligations under laws or regulations.

    If we need to process special categories of personal data, we will ask for your consent where necessary.

  • To whom is your data passed on or who is involved in the processing of your data?

    We only pass on your data within our firm to the department responsible for your application. In addition, we will only pass on your personal data to other recipients if there is a legal obligation of notification, for example towards the authorities.
     

  • How long will your data be stored?

    We retain personal data for as long as there is a legitimate reason or other legal basis for doing so. We regularly review the existence of a legal basis for retention. If there is no longer a legal basis for retaining the data, we will securely delete or in some cases anonymise personal data.

    Your application data will be stored for the duration of the review of your application. If your application is unsuccessful or if you withdraw your application, your application data will be deleted unless longer retention is permitted or required by another legal basis (e.g. to exercise our legal rights or to comply with applicable law). 

    Furthermore, your personal data may be retained for evidential purposes for the period during which there is a possibility that claims may be brought against Seitz (e.g. on the basis of national anti-discrimination legislation). If your application is successful, any data provided as part of the application process may be further processed for (or in relation to) your future employment with us. For more information about the processing of your personal data in connection with your employment, you will be able to access the internal privacy statement available to our staff on the intranet.

  • Is there an obligation for you to provide your data or is this necessary for the conclusion of a contract and what happens if you decide not to do so?

    If you do not provide us with the aforementioned personal data, this will not have any negative consequences for you. However, incomplete or inaccurately completed applications cannot be considered. Unfortunately, without providing your personal data, the application cannot be submitted and will therefore be deleted.

In this section of our privacy policy, we would like to inform you about the processing of personal data in connection with the communication between you and us. We also provide information on how we ensure compliance with the GDPR (and other data protection regulations with the same effect).

  • For what purposes do we process your data?

    We offer you the possibility to contact us by e-mail or via our contact form. We will process your personal data (e.g. your name, address, telephone number) in order to deal with your enquiry and store it for potential further enquiries. The content of the communication will also be stored by us in order to respond to your request.

  • On what legal basis do we process your data?

    The processing of your data in the context of communication via the contact form or by e-mail is based on Art. 6 para. 1 lit. b) GDPR, insofar as the exchange is related to the initiation or performance of a contract with you. Otherwise, the legal basis depends on the specific purpose of the exchange. In most cases, Art. 6 para. 1 lit. f) GDPR (our legitimate interest in conducting business correspondence or communicating with customers or, for example, answering inquiries about data protection) will be relevant.

  • To whom is your data passed on or who is involved in the processing of your data?

    We will only pass on your communication data internally to the respective department at Seitz responsible for your request.
     

  • How long will your data be stored?

    We retain personal data for as long as there is a legitimate reason or other legal ground for doing so. We regularly review the existence of a reason for retention. If there is no longer a legal reason to retain the data, we will securely delete or in some cases anonymise your personal data.

  • Is there an obligation for you to provide your data and what happens if you decide not to?

    You are not obliged to provide us with your personal data. However, we need the relevant data to contact you and respond to your request.
     

If you are a natural person and your personal data is processed by Seitz, you have certain rights. These rights are listed below together with a brief, non-exhaustive explanation. 

If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us using the contact details below. In order to protect your rights and privacy and to verify any notifications we receive in relation to this Privacy Policy, we may request confirmation or proof of your identity.

  • The right to object to the processing.

    You have the right to object to the processing of your personal data in certain cases.

  • Right to information

    You have the right to be informed whether and, if so, to what extent we process your data.

  • Right of access

    Subject to certain exceptions, you have the right to obtain confirmation as to whether or not we are processing your personal data. If this is the case, you have a right of access to your data.

  • Right to rectification

    If the personal data we process is incomplete or inaccurate, you have the right to request that the data be completed or corrected at any time.

  • The right to erasure ("right to be forgotten")

    Subject to certain exceptions, you have the right to request the erasure of all or some of your personal data if you consider that processing should cease. However, there may well be reasons why immediate erasure is not possible (for example, where retention is required by legal or regulatory obligations).

  • The right to restriction of processing

    You are entitled to request that we restrict the processing of your personal data in certain cases:

    • If you dispute the accuracy of your personal data, you may request that its processing be restricted while we verify its accuracy.
    • If the processing of your personal data is deemed to be unlawful but you object to erasure of your personal data.
    • If we no longer need the data for the purposes of its processing but you need it for the assertion, exercise or defence of legal claims.
    • If you object to our processing of your data on the basis of our legitimate interests.
  • The right to data portability

    If the processing is based on your consent or a contract and is automated, you have the right to request that we provide your personal data in a machine-readable format.

  • Rights in relation to automated decisions and profiling

    You have the right to object to decisions based solely on the automated processing of your personal data.

  • The right to withdraw your consent

    If your personal data is processed on the basis of your consent, you have the right to revoke your consent at any time. The revocation of your consent does not affect the lawfulness of the processing based on your consent until your revocation.

If you wish to exercise your rights, please contact us using the contact below:

  • By post: Seitz Rechtsanwälte Steuerberater PartG mbB, Aachener Straße 621, 50933 Cologne, Germany
  • By telephone: +49 (0)221 56960-0
  • By email: datenschutz@seitzpartner.de

Furthermore, you have the possibility to address complaints to our data protection officer (Seitz Rechtsanwälte Steuerberater PartG mbB, Data Protection Officer, Aachener Straße 621, 50933 Cologne, datenschutz@seitzpartner.de) or the competent Supervisory Authority. For Seitz, this is the State Commissioner for Data Protection and Freedom of Information, North Rhine-Westphalia, P.O. Box 200444, 40102 Düsseldorf, poststelle@ldi.nrw.de.

  • Applicable law

    This includes all applicable laws, rules, orders, statutes and regulatory requirements, as well as ordinances and executive orders of governmental or judicial authorities, in each case in the version valid at the respective point of time.

  • Supervisory Authority

    Refers to an independent public authority established under Article 51 GDPR.

  • Advice

    Refers to all advisory services provided by us, including legal and tax advice services.

  • Special categories of personal data

    According to Art. 9 GDPR, this term relates to personal data that allows conclusions to be drawn about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data in the sense of a unique identification of a natural person, data relating to health or data relating to the sex life or sexual orientation of a natural person.

  • Cookies

    A cookie is a small text file consisting of letters and numbers that - if you agree - is stored on your browser or your computer's hard drive. Cookies contain information that is transferred to your computer's hard drive.

  • Data protection
 regulations

    Refers to all applicable laws, rules and regulatory requirements relating to the processing of personal data, including, where applicable, the GDPR (and any laws, rules and regulations implementing the foregoing).

  • Third country

    This is a country which is not a member of the European Union or the European Economic Area or which is not covered by the European Commission's "adequacy decision".

  • GDPR

    Stands for the EU General Data Protection Regulation (Regulation (EU) 2016/679), including national implementing laws.

  • Seitz

    Designates Seitz Rechtsanwälte Steuerberater Partnerschaftsgesellschaft mbB, Aachener Str. 621, 50933 Cologne, Germany

  • seitz.global

    Refers to Seitz's international cooperation network, which bundles the memberships in the international lawyer network LAW as well as the employment law specialized network Innangard.

  • Mandate

    Is a matter in respect of which we agree to provide advice or services to a client.

  • Mandate Data

    Has the meaning given to that term in Section 5 of this Privacy Policy (Advising Our Clients).

  • Personal data

    Is any information that relates to an identified or identifiable living person.

  • Standard contract clauses

    A collection of contractual clauses recognised and approved by the European Commission (Decision 2004/915/EC) as appropriate safeguards for transfers of personal data to a third country.

  • TMG

    Telemedia Act of 26 February 2007 (BGBl. I p. 179) as amended.

  • Controller

    This is the legal or natural person who alone or jointly with others determines the purposes and means of the processing of personal data.

  • Process

    Means anything done to or with personal data (including, without limitation, collecting, recording, holding, disclosing, transmitting, making available, using or deleting such data).