Home

Privacy policy

We hereby inform you about the processing of your personal data ("Data") when you visit our website or our social media profiles, when you have a mandate or other business relationship with us or when you apply for a job with us.

We are responsible for data processing:

Büsing Müffelmann & Theye
Lawyers in partnership mbB and notaries
Sögestr. 59-61
28195 Bremen
e-mail: berlin@bmt.eu

You can reach our data protection officer at: DatenschutzbeauftragterBMT@datenschutz-nord.de.

Content:

I. Use of our website

In this section we inform you about the processing of your data when you visit our website.

1. Scope of data processing
When you call up our website, the following data is transferred to our web server and stored in a log file:

  • IP address
  • date and time of the respective access to a page of the website
  • amount of data transferred to your device
  • files accessed via the homepage
  • URL of the page/homepage from which you reached our website
  • the browser you use (type and version)
  • the operating system you use (type and version)

We also use JavaScript to display our website. Therefore the web server checks whether JavaScript is activated in your browser and stores this information in a session cookie (a small text file) on your mobile device. The session cookie with the name "has_js" is only saved if JavaScript is activated.

2. Purposes of data processing
The processing of this data is necessary to display the contents of the website on your device in the best possible way. We also process this data to investigate and track attacks on our IT.

3. Legal basis of data processing
This data is processed in accordance with Art. 6 Para. 1 letter f GDPR due to our legitimate interest in being able to show you the website and track attacks on our IT.

4. Recipient of the data
We use an external IT service provider, DIREKT HIER, Pascalis Ismailidis, An der Fohlenweide 20, 67112 Mutterstadt, Germany, to provide the website. This service provider processes your data exclusively in accordance with our instructions and on the basis of a contract for order processing in accordance with Art. 28 GDPR.

5. Storage duration
The log data is stored for a period of seven days and then deleted, unless it is exceptionally necessary to keep it longer to follow up an identified attack.

As soon as you close your browser, the session cookie is automatically deleted by default, unless you have made a different setting in the cookie settings of your browser.

II. Clients

In this section we inform you about the processing of data by us, if you instruct us to do so.

1. Scope of data processing
When you mandate us, we collect the following data:

  • salutation, title, first name, last name
  • if applicable, the name and designation of the company or institution in which you work
  • if applicable, your job title or professional training, your e-mail addresses for the processing of the mandate (mostly professional, if applicable also private) as well as the names and e-mail addresses of the employees or contact persons notified by you or required for the processing of the mandate
  • your address (business and private if applicable)
  • your telephone number(s) (fixed and/or mobile), fax numbers
  • information on facts and data necessary for the assertion and exercise of your rights within the scope of the mandate or for the handling of a notarial matter
  • any correspondence arising within the framework of the mandate and the personal data contained therein
  • all data collected for the purpose of billing our services (activity reports, if necessary with contact persons of telephone calls or meetings) including account details and, if necessary, your tax identification number
  • in individual cases, further data required under the Money Laundering Act, in particular the date and place of birth, nationality, a copy of your identity card or passport, data on your beneficial ownership and information on whether you or a beneficial owner in your mandate or their immediate family members or persons close to you are a politically exposed person

2. Purpose of data processing
The processing of your aforementioned personal data is carried out in response to your mandate and is necessary for the legal and appropriate processing of your mandate and the mutual fulfilment of obligations arising from the mandate relationship or for the completion of a notarial procedure. Furthermore, we process the data for correspondence with you, the parties to the mandate, opponents and involved courts or authorities as well as for invoicing. The processing of the above-mentioned data may already be necessary in part for collision checking prior to the mandate.

3. Legal basis
The legal basis for the processing of data in response to the mandate is Art. 6 para. 1 lit. b GDPR, insofar as the client is a natural person. If our client is a legal entity, we process employee data in accordance with Art. 6 para. 1 letter f GDPR on the basis of our legitimate interest in being able to process and fulfil the mandate.

We process your data for the money laundering audit on the basis of a legal obligation and thus in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with the Money Laundering Act.

In the processing of notarial transactions the legal basis is Art. 6 Paragraph 1 lit. c and e GDPR.

4. Recipient of the data, transfer to third countries
Insofar as this is necessary in accordance with Art. 6 Para. 1 Clause 1 lit. b GDPR for the handling of client relationships or for the handling of a notarial procedure (Art. 6 Para. 1 lit. c and e GDPR) with you, your personal data will be passed on to third parties. This includes in particular the passing on of data to the opposing party, in notarial matters to parties to the proceedings or documents, and their representatives (in particular their lawyers) as well as courts, public registers and other public authorities for the purpose of correspondence and for the assertion and exercise of your rights. Third parties are legally obliged to use the data passed on exclusively to the extent required or necessary for the purposes mentioned above.

Beyond this, data will only be passed on if you, as the person concerned, give your consent (Art. 6 Para. 1 lit. a GDPR) or if we, as the persons responsible in accordance with Art. 6 Para. 1 sentence 1 lit. c GDPR, are legally obliged to pass on the data, for example to tax and revenue authorities in the course of corresponding audits.

Within the scope of our tax obligations, we use the services of a tax advisor. Only if it is necessary for tax law reasons, the tax advisor may inspect personal data (e.g. on fee invoices). The tax consultant is already obliged to protect your data as a result of his professional duty of confidentiality.

For the support, storage and hosting of our IT systems and applications, we use the following service provider, who processes your data only in accordance with our instructions and on the basis of a contract for order processing in accordance with Art. 28 GDPR:

ADVOSERVICE Society for Legal EDP Systems mbH, Tauentzienstraße 11, 10789 Berlin.  

We may transfer data to countries outside the EU and the European Economic Area ("third countries") if, for example, you communicate with us from a third country or via e-mail providers in a third country (such as Google or Microsoft in the context of Office 365). It may also be made if the mandate concerns a matter in third countries and therefore requires communication with parties in the third countries. In these cases, the communication in third countries is carried out on the basis of Art. 49 (1) lit. b GDPR.

Your data will not be transferred to third parties for purposes other than those listed.

The attorney-client confidentiality remains unaffected, as does the obligation of our notaries to maintain confidentiality. Insofar as data is subject to the attorney-client privilege, it will only be passed on to third parties with your express consent (Art. 6 para. 1 lit. a GDPR), or insofar as this is necessary for the representation of legitimate interests, e.g. for the enforcement or defence of claims arising from the client relationship or for defence in one's own case (Art. 6 para. 1 lit. f GDPR).

5. Storage duration
The data collected by us in the course of the mandate as well as the processing of the mandate will be stored until the expiry of the statutory retention period for lawyers (pursuant to Section 50 (1) BRAO 6 years after the end of the calendar year in which the mandate was terminated), and deleted thereafter, unless we are obliged to retain the data pursuant to Art. 6 (1) sentence 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or in notarial matters due to permission in accordance with Art. 6 Paragraph 1 Clause 1 lit. c and e GDPR, we are obliged to store the data for a longer period (DONot), the storage in accordance with § 24 Paragraph 1 Point 2 BDSG is necessary for the assertion, exercise or defence of civil law claims or you have consented to storage beyond this in accordance with Art. 6 Paragraph 1 Clause 1 lit. a GDPR.

III. Mandate-related contacts

In the following, we inform you about how we process your data for the purpose of a mandate if you are not our client but, for example, a witness, family member or authority employee.

1. Scope of data processing
We process data which we receive from you when we contact you on the basis of a client relationship and which we need to process our mandate. This may include the following data:

  • salutation, title, first name, last name
  • if applicable, the name and designation of the company or institution in which you work
  • if applicable, your job title or professional training, your e-mail addresses for the processing of the mandate (professional or, if applicable, private) as well as the names and e-mail addresses of the employees or contact persons you have provided or who are necessary for the processing of the mandate
  • your address (business or private if applicable)
  • your telephone number(s) (fixed and/or mobile), fax numbers
  • information on facts and data necessary for the assertion and exercise of our client's rights or for the handling of a notarial matter
  • any correspondence arising in the course of this communication with the personal data contained therein

2. Purpose of data processing
Your data will be processed for the purpose of carrying out the mandate and protecting the interests of our clients.

3. Legal basis of data processing
We process your data either on the basis of Art. 6 para. 1 lit. c GDPR due to legal obligations or on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest. The legitimate interest in this case is the protection of the interests of our clients and the proper processing of the mandate.

4. Recipient of the data
Your data or the data of your employees are received by bodies, institutions or individuals. Recipients can be, in particular, authorities, offices, courts, but also experts, defendants of our clients or other parties involved. The transfer of data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to process the mandate properly, so that data is only transferred to the extent necessary to safeguard this interest.

5. Storage duration
We will delete your data together with all mandate-related data after expiry of the statutory retention period for lawyers (pursuant to § 50 para. 1 BRAO 6 years after expiry of the calendar year in which the mandate was terminated), unless we are obliged to delete your data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or in notarial matters due to permission pursuant to Art. 6 Paragraph 1 Clause 1 lit. c and e GDPR to a longer storage (DONot), the storage according to § 24 Paragraph 1 No. 2 BDSG is necessary for the assertion, exercise or defence of civil law claims or you have consented to a storage beyond this according to Art. 6 Paragraph 1 Clause 1 lit. a GDPR.

IV.  Business contacts and their employees

In the following we inform you about how we process data of our business partners or employees of our business partners.

1. Scope of data processing
Within the scope of our business relationship with you as a business partner or employee of business partners, we process the data that we receive from you or your employer.

In particular, this concerns data that we receive when you or your colleagues have contact with our employees.

We process the following categories of data in this context:

  • professional contact and organization information: e.g., last name, first name, title, degree, gender, name of the company you work for, department, professional e-mail address, postal address, telephone number
  • data on professional circumstances: e.g. job title, tasks, activity, qualifications
  • other: In addition, we may process other data that you provide in the course of your interaction with our employees or that we have permissibly collected about you from publicly available sources (e.g. commercial register)

2. Purpose of data processing
Your data will be processed by us for the purpose of establishing and implementing the contractual relationship with our business partner as well as for fulfilling the legal requirements.

3. Legal basis of data processing
We process the data on the basis of the following legal bases:

  • if you are our business partner in person, the processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of implementing or initiating a contract
  • for the purpose of fulfilling legal obligations, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR in connection with legal and official requirements (e.g. tax and commercial law)
  • if you are an employee of one of our business partners, your data will be processed on the basis of our overriding legitimate interests in accordance with Art. 6 Para. 1 letter f GDPR. Our legitimate interest lies in the functioning and practicable cooperation with our business partners and the employees of our business partners

4. Recipient of the data
Within our firm, only those persons who need your data for the purposes described have access to it.

We also transfer your data to authorities (e.g. tax office, police, public prosecutor's office, social insurance agencies) or courts within the scope of their respective responsibilities if we are obliged to do so by law or by order. In these cases, too, data will only be transferred by us to the extent necessary for the respective purposes.

5. Storage duration
Your data will be stored by us for as long as we need it for the specific processing purpose. We regularly store your data at least for the duration of our business relationship with you or the business partner for whom you work.

In addition, we store certain data for the duration of statutory limitation periods (usually three years, in individual cases up to thirty years) and for as long as statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code) require it (but generally for a maximum of ten years).

Under certain circumstances, we may have to keep your data for a longer period of time. This is the case, for example, if in connection with an official or judicial procedure a ban on data deletion is ordered for the duration of the procedure.

V. Video conferencing Tools

To conduct video and audio conferences, webinars and other types of video and audio meetings, we use the Microsoft Teams ("MS Teams") video conferencing tool.

In the following, we will show you which data we process when you conduct or partake in a video or audio conference with us using the MS Teams video conferencing software.

1. Scope of data processing

  • Inventory data  (i.E.: names, addresses),
  • Contact details (i.E.: email adresses, phone numbers),
  • Content data (i.E.: text input, photographs, video recordings),
  • Meta- and Communication data (i.E. device information, IP adresses),
  • Transmission of video and audio during a video or audio conference

2. Purpose of data processing
The processing of the above-mentioned personal data serves the purpose of setting up and providing online meetings/video conferences as well as carrying them out within the framework of the client relationship.

3. Legal basis of data processing
If you have an established client relationship with us or if such a relationship is to be established, we process your data to fulfil our obligations arising from the client relationship. The legal basis is Art. 6 Para. 1 lit. b GDPR, insofar as the client is a natural person. If our client is a legal entity, we process employee data and data of other natural persons whose participation in the video/audio conference takes place within the scope of the mandate on the basis of our legitimate interests in efficient and secure communication with our communication partners in accordance with Art. 6 Para. 1 lit. f GDPR.

4. Recipient of the data
MS Teams is a cloud application provided to us by Microsoft Ireland Operations Ltd ("Microsoft"). In this context, Microsoft processes personal data in accordance with instructions on our behalf on the basis of an Agreement on order processing (Art. 28 GDPR). In addition, we have concluded a separate confidentiality agreement with Microsoft for professional secrecy holders, by which Microsoft acknowledges that the data processed by us is subject to special legal or notarial confidentiality.

We exclusively use MS Teams as a cloud application. We operate other data processing programs from Microsoft (e.g. Office) on our own servers (On Premise). Insofar as personal data is stored in the cloud when using MS Teams, the storage takes place exclusively in the European Union (dormant data).

However, data processed during the use of MS Teams may also be processed in third countries - especially if communication participants are not located in the EU. For these cases, Microsoft uses sub-processors (e.g. Microsoft Inc.) and provides sufficient data protection guarantees for any third country transfers in accordance with Art. 44 et seq. GDPR.

5. Storage duration
Your personal data that is processed by us in connection with the use of MS Teams is generally deleted as soon as it is no longer required for the purposes for which it was collected. We delete meta data after 30 days.

VI. Applicants

You can apply to us in response to our published job offers or send us an unsolicited application. In the following we will show you which data will be processed.

1. Scope of data processing
During the application process we process the following categories of data:

  • private contact and identification information: e.g., last name, first name, academic degree, gender, email address, postal address and telephone number
  • data on your professional qualifications, such as school and educational qualifications, language skills, as well as your place of study or training, certificates
  • if you send us your curriculum vitae, we will process the data given in it, such as photos of you or the existence of a driving licence, if applicable
  • any other data you may have provided in the application

Your application documents will be sent to the contact person named in the job advertisement and will be forwarded internally to other decision-supporting partners and employees responsible for the application process.

2. Purpose of data processing
Your data will be processed by us in order to check whether you are eligible for employment with us in the context of the applicant selection process.

3. Legal basis of data processing
The legal basis for data processing is § 26 para. 1 BDSG and art. 6 para. 1 lit. b GDPR (contract initiation). Any information that you provide voluntarily and which goes beyond the required amount will be processed in our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to respond to your application in the best possible way. If, in individual cases, you provide information that we have no legal basis for processing, we will not process it.

4. Recipient of the data
Internally, only those persons who need your data for the above-mentioned purposes have access to it. These are primarily the responsible partners, responsible HR employees and all persons who are necessarily involved in the applicant selection process.

5. Storage duration
If an employment relationship is established with you, we will process your data for the purposes of the employment relationship in accordance with a separate data protection declaration, which you will then receive from us.

In the event that no employment relationship is established with you, we will generally store your data for a period of six months from the time of receipt of the rejection by you. Your application documents are then deleted.

VII. Social media profiles

No cookies from social media platform operators are integrated on our website (e.g. via plug-ins). However, we operate various social media profiles of our own in order to constantly improve our external appearance and to provide information on the respective social media platforms.

Below you will find information about the data processing by us on the individual social media platforms.

1. LinkedIn
Scope of data processing
You can interact with our profile on LinkedIn by following us, leaving comments on posts, marking posts we have posted with "I like", or sharing updates from us. In this case, we will receive a notification from LinkedIn that you have visited or interacted with our account. We can then see your profile name, your interaction and - if available - your profile picture. If you contact us through LinkedIn via direct messaging, we can see your user profile and message.

LinkedIn also provides us with information about visitors, followers, and updates to our LinkedIn site ("Page Insights"). This information is displayed on our administrator page. Both we and LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, "LinkedIn") are jointly responsible for the processing of your data in connection with this function on our LinkedIn site. In particular, LinkedIn is responsible for fulfilling your privacy rights in connection with Page Insights. However, you may still contact us to assert your rights.

Purpose of data processing
We process the data in order to be able to interact with you on your initiative and to read and respond to your request or notification.

We do not use the analysis function, but we cannot deactivate it, because LinkedIn does not provide this possibility.

Legal basis
We process your data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest consists in the interaction with you as described above.

Recipient of the data
Your data will be viewed by our employees who manage our LinkedIn account.

In addition, LinkedIn processes your data in accordance with its own privacy policy.

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Opt-out on advertising: www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Storage duration
We cannot delete your messages or other data because we do not have the authorization to do so. We do not actively use direct messages on LinkedIn to communicate with you - we prefer encrypted communication via e-mail. If you send us direct messages, we will delete them at the latest one year after receipt of your message.  

2. Xing
Scope of data processing
You can interact with our profile on Xing by sending us messages or marking posts from us with "I like". In this case, we will receive a notification from Xing that you have contacted us or interacted with our profile. We will then be able to see your profile name, your interaction and - if available - your profile picture.

Xing provides us with overviews and anonymised evaluation results on visitors and followers of our site over the last 30 days (function "profile analysis"). This includes, for example, anonymised information on company affiliation, industry, career levels and age groups. We and New Work SE (Dammtorstraße 30, 20354 Hamburg, Germany) are responsible for processing your data in connection with the profile analysis.

Purpose of data processing
We process the data in order to be able to interact with you on your initiative, in particular to read and respond to your request or notification.

We do not evaluate the data within the framework of the "profile analysis" function. However, we cannot deactivate this function, as Xing does not provide this option.

Legal basis
We process this data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest consists in the interaction with you as described above.

Recipient
Your data is viewed by our employees who manage our Xing account.

In addition, Xing processes your data in accordance with its own privacy policy.

Provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy policy: https://privacy.xing.com/en/privacy-policy

Opt-out regarding the analysis of visitor sessions: https://nats.xing.com/optout.html?popup=1ocale=de_DE

Storage duration
We cannot delete your messages or other data because we do not have the authorization to do so.

VIII. Your rights as a data subject

The following rights may be protected by the confidentiality of the mandate or the notaries' obligation to maintain confidentiality in accordance with Art. 23 GDPR in conjunction with § 29 BDSG. Provided there is no conflict with the mandate relationship, you have the following rights:

1. Right of access to information
You have the right to obtain free information on request about whether data concerning you are being processed and, if so, what data we process about you (Art. 15 GDPR). You may re-apply within a reasonable period of time. You also have the right to receive a copy of your data that is the subject of our processing.

2. Right of rectification
You may also request the correction of incorrect data concerning you in accordance with Art. 16 GDPR. You also have the right to request the completion of incomplete data concerning you, taking into account the purposes of the processing.

3. Right of Deletion
Under the conditions of Art. 17 GDPR, you can request the deletion of your data.

4. Right to limitation
You have the right to demand that we restrict processing if the requirements of Art. 18 GDPR are met. This is the case, for example, if the processing of your data is no longer necessary for our purposes, but you need it to assert, exercise or defend legal claims. If the processing of your data is restricted, these data - apart from being stored - may only be processed by us with your consent or in the special cases mentioned in Art. 18 para. 2 GDPR.

5. Right to data portability
Insofar as data provided by you is processed by us on the basis of Art. 6 para. 1 lit. b or lit. a GDPR (for contract initiation or fulfilment or on the basis of your consent) by means of automated procedures, you may, under the conditions of Art. 20 GDPR, request the surrender of this data in a structured, common and machine-readable format. In this case, you can also request that we transfer this data to another person responsible.

6. Right of withdrawal
If we process your data on the basis of your consent, you have the right to revoke your consent at any time with effect for the future (Art. 7 para. 3 GDPR).

7. Right of objection
If your data are processed by us on the basis of our predominant legitimate interest (Art. 6 Para. 1 letter f GDPR), you also have the right to object if your interests against data processing for reasons arising from your particular situation outweigh our interests in processing. In the event of an objection, we therefore ask you to inform us of your reasons for objecting to data processing.

8. Assertion of your data subject rights
To assert your rights as a data subject, please contact our data protection officer by e-mail or letter (contact details below).

9. Right of appeal to a data protection supervisory authority
If you suspect that your personal data are being processed unlawfully, you can lodge a complaint with a data protection supervisory authority, in particular in the member state where you are resident, your place of work or the place where the alleged infringement is taking place (Art. 77 GDPR).

IX. Contact and data protection officer

If you have any questions about this privacy policy or about the processing of your personal data by us, you can contact our data protection officer.

datenschutz nord GmbH
Konsul-Smidt-Str. 88
28217 Bremen

DatenschutzbeauftragterBMT@datenschutz-nord.de

Status: March 2024