Privacy policy

I. Name and contact details of the data controller and the data protection officer

Responsible for the processing of personal data at OPPENLÄNDER is:

OPPENLÄNDER Rechtsanwälte Partnerschaft mbB
Börsenplatz 1
70174 Stuttgart
Telephone: +49 (0)711 60187-0

The data protection officer of OPPENLÄNDER can be contacted at the postal address given above and by e-mail at datenschutz@oppenlaender.de.

II. Data processing for our website

The use of our website is generally possible without providing personal data. We collect your personal data only to the extent necessary to provide our website.

Personal data is processed in the following cases:

1. Accessing our website

When you visit our website, the system collects and stores information in server log files, which your browser automatically transmits to us. These are:

• IP address of the accessing device,
• Date and time of access,
• Name and URL of the retrieved file,
• notification as to whether the retrieval was successful,
• amount of data transferred,
• Referrer URL (website from which the access was made) or name of the access provider,
• browser and operating system used.

The data in the log files are always stored separately from other data; they are not merged with other data sources.

This data, insofar as it is personal data, is processed on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR to deliver the content of our website and to ensure the functionality of our information technology systems, to optimize our website and to evaluate system security and stability. The data is stored for a maximum period of seven days and then deleted.

2. Online registration for events

On our website or by means of individual communication (e.g. by e-mail, telephone, fax, etc.), you have various options to register online for selected events. To do so, you must provide your surname and first name, your e-mail address and your company in a registration form or in individual communication. You can optionally give further details (telephone number or position).

We process the data provided by you on the basis of Art. 6 para. 1 sentence 1 lit. b) or lit. f) GDPR in order to register you for participation in the desired event, to inform you of any changes regarding the time and location of the event and, if necessary, to send you the documents relating to the event in electronic form after the event.

In addition, we reserve the right to process the data you provide to us on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR to inform you by post about further events organized by OPPENLÄNDER Rechtsanwälte and about new legal developments and changes to the law. If you do not wish to receive event invitations or information letters from us any more, you can object to the processing of your data for these purposes at any time with effect for the future by sending a message to the contact details mentioned above (Section I) without giving reasons.
You can find more information on your right to object in accordance with Art. 21 GDPR in Section VIII.

3. Use of cookies

No cookies are used on our website. We do not track your visit to our website, nor do we create user profiles using pseudonyms.

III. Client-related data processing

Within the framework of the initiation of a mandate or the granting of a mandate, we collect personal data

• of the client or the contact persons designated by our client, in particular surname and first name as well as contact data (telephone number, e-mail address, fax) of the client or the contact persons;
• of third parties whose personal data are connected with the initiation of the mandate or the granting of the mandate, such as data of shareholders, business or contractual partners of the client, of consultants, of potential opponents in a legal dispute;
• of employees in the judiciary, such as authorities and courts, as well as
• of other parties involved, such as witnesses, experts, etc.

We process the data collected by us for the purposes of checking the conflict and deciding whether to accept the mandate, for processing the mandate, for invoicing, for defending against or settling any liability claims and for asserting any claims of our own arising from the mandate relationship.

Insofar as we do not receive the personal data directly from the person concerned, the data originate from our clients, from courts or authorities (such as pleadings, information, etc.), other third parties (such as witness statements, opinions of experts, etc.) or from publicly accessible sources (such as registers, websites, etc.).

The legal bases for processing are

• Art. 6 (1) sentence 1 lit. b) GDPR, insofar as personal data of a contractual partner (client) are processed and the processing is necessary for the acceptance and handling of the mandate as well as for the fulfillment of the mutual obligations arising from the mandate agreement.
• Art. 6 (1) sentence 1 lit. c) GDPR, insofar as the processing of your data is necessary for the fulfillment of legal obligations (for example, according to the Money Laundering Act, for the performance of collision checks, etc.).
• Art. 6 para. 1 sentence 1 lit. f) GDPR, insofar as the processing of your data is necessary to protect our legitimate interests, in particular to assert or defend legal claims arising from the mandate relationship.

The personal data collected by us will only be stored as long as this is necessary to achieve the purpose for which the data was collected. This is regularly no longer the case when the mandate has been concluded and possible warranty claims have expired and we are not obliged to store data beyond this period due to retention obligations resulting from the professional law of lawyers or from tax and commercial law regulations or you have not expressly consented to storage of the data beyond this period in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR.

If we have been granted permission to discuss individual mandates with the relevant industry services for commercial law firms (e.g. JUVE, Legal500, Chambers), we reserve the right to name clients or contact persons as reference persons and to transmit the surname and first name, company and position, postal address, e-mail address and telephone number of the reference person to the respective industry services. This data may be used by the industry services to contact the data subjects and ask them about their cooperation with OPPENLÄNDER. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR.

Personal data will only be published on our website in the context of reporting on individual mandates if the data subjects have expressly consented to this on the basis of Art. 6 para. 1 sentence 1 lit. a) GDPR.

IV. Data processing for direct marketing purposes

We reserve the right to process personal data provided to us within the scope of the client relationship – i.e. surname, first name, postal address and, if applicable, further information voluntarily provided to us (position, industry, legal fields) – in order to send our client or contact person invitations to relevant events of OPPENLÄNDER and information on new legal developments or general information by mail. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR.

We will only use the e-mail address provided to us for direct marketing purposes if the data subject has expressly consented to this. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a) GDPR.

Each client or contact person can object to the processing of personal data relating to him for direct marketing purposes at any time, free of charge and with effect for the future, by sending a message to the contact details given under I. or via a link provided for this purpose in an e-mail sent by us, or by revoking his consent to this.

V. Data processing for job applications

In the case of applications to OPPENLÄNDER, we process the personal data provided to us by the applicant, in particular personal data (name, date and place of birth, photo if applicable and other personal details), address and contact details (address, e-mail, telephone, mobile), proof of qualifications (school reports, examinations and diplomas, job references, further training certificates) and CV data. The data will be processed exclusively for processing the application, in particular for carrying out the application process and for deciding whether to hire you at OPPENLÄNDER. The legal bases are § 26 para. 1 BDSG and Art. 6 para. 1 sentence 1 lit. b) GDPR.

VI. Data processing within the framework of the OPPENLÄNDER alumni network

We process the personal data provided to us by members of the OPPENLÄNDER alumni network, in particular name and contact details (including e-mail) and date of birth. The data is processed to send members invitations to OPPENLÄNDER events, an alumni newsletter and other messages. The legal basis is the consent of the members (Art. 6 para. 1 sentence 1 lit. a) GDPR in conjunction with § 26 para. 2 BDSG).

We use the so-called double opt-in procedure for registration: Only when you reply to a confirmation e-mail sent to the e-mail address you have provided will this e-mail address be added to our mailing list. This procedure is necessary to prevent your e-mail address from being used by third parties. We store your registration and confirmation e-mails as proof of consent. If you do not confirm your registration within 48 hours, we will delete your e-mail address. The storage of registration and confirmation e-mails during registration is based on our overriding legitimate interests in documenting the proper course of the registration process (Art. 6 para. 1 sentence 1 lit. f) GDPR). As an alternative to the double opt-in procedure, you can also register directly from your desired e-mail address. In this case, the registration e-mail will be stored as explained and justified above.

To send the e-mails, we use the mailing services of the service provider rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. We have concluded a data processing agreement with rapidmail GmbH in accordance with Art. 28 GDPR.

If a member withdraws their consent for being part of the OPPENLÄNDER alumni network (e.g. by sending a simple e-mail to marketing@oppenlaender.de or in accordance with the unsubscribe instructions at the end of each newsletter), we will no longer send them any further newsletters, invitations or messages. This does not affect the legality of the processing carried out prior to the revocation. However, we may store the data provided and the receipt of the revocation for a period of up to 3 years on the basis of our overriding legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) to be able to prove that the member has given their consent in the past and to ensure that they do not receive any further messages. In this case, the data is stored exclusively for the purpose of defending against any claims.

VII. Data processing for participation in events

We reserve the right to take photographs or video recordings at selected OPPENLÄNDER Rechtsanwälte events to capture impressions of the event. The images created will be processed exclusively for the purposes of event documentation and reporting on the event (e.g. in print media or on the OPPENLÄNDER Rechtsanwälte website). The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. If a participant does not consent to being photographed during the event or being recognizable in the context of reporting on the event, this person can object to the processing of their data in accordance with Art. 21 para. 1 GDPR (see Section VIII.), e.g. by informing a contact person of OPPENLÄNDER Rechtsanwälte or the person taking the photographs directly on site.

VII. Transfer of personal data to third parties | third country transfer

A transfer of personal data to third parties – unless previously or else-where specified – is not carried out in principle. In particular, we do not pass on personal data to recipients based outside the European Union or the European Economic Area, unless such a transfer is necessary in connection with the processing of a client relationship or it takes place in consultation with the client or at the client’s express request. In this case, the data subject will be informed in detail about the processing of his/her personal data.

Insofar as this is necessary in accordance with Art. 6 Para. 1 Sentence 1 lit. b) GDPR for the processing of client relationships, personal data will be passed on to third parties. This includes in particular the disclosure to opposing parties and their representatives (in particular their lawyers) as well as courts and public authorities for the purpose of correspondence and the assertion and defense of our clients’ rights.

In some cases, we use external service providers for the processing of personal data within the scope of commissioned processing pursuant to Art. 28 GDPR (e.g. in the area of IT services, translations or file destruction). These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
At most, in exceptional cases and only within the framework of legal regulations, personal data will be passed on to supervisory and law enforcement authorities, insofar as this is necessary for the prevention and detection of fraud and other criminal offences. Legal bases for this are Art. 6 para. 1 sentence 1 lit. c) and f) GDPR.

IX. Data subject rights

Insofar as we process personal data, the data subjects are entitled to the following rights:

Right to object

Insofar as processing is based on Art. 6 (1) sentence 1 lit. f) GDPR (“legitimate purposes”), the data subject may object to the processing of his or her personal data in accordance with Art. 21 GDPR.

We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

The processing of personal data for advertising/marketing purposes can be objected to at any time – without giving reasons. The data concerned will then no longer be processed for advertising/marketing purposes.

Revocation of consent

Insofar as personal data has been provided to us on the basis of consent, data subjects have the right to revoke their consent under data protection law at any time without stating reasons by sending a message to the office named in Section I. This applies in particular to consent for advertising/marketing purposes. This applies in particular to consent to the processing of personal data for e-mail and telephone marketing. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the declared consent until the revocation.

Further data subject rights

In addition, data subjects may – if the respective legal requirements are met – claim the following rights:

• Right of access to personal data concerning them, the purposes of processing, the categories of data and their origin if the data were not collected directly, the categories of recipients of personal data, the planned storage period and the rights of data subjects (cf. Art. 15 GDPR);
• Right to rectification of inaccurate or incomplete personal data, insofar as the data about the data subject is not (or is no longer) accurate or incomplete (cf. Art. 16 GDPR);
• Right to erasure of personal data, in particular if the data is no longer necessary for the purposes for which it was collected and we are not obliged to retain the data due to legal or contractual requirements (cf. Art. 17 GDPR);
• Right to restrict the processing of personal data (cf. Art. 18 GDPR);
• Right to data portability with regard to the personal data provided to us by the data subject in a common, machine-readable format or to the transfer of such data to another controller (cf. Art. 20 GDPR).

In order to exercise the aforementioned rights, certain conditions must be met. For a better understanding and easier readability of the data subject rights, we have summarized them here in parts. If necessary, please refer to the original text or contact our data protection officer directly.

Right to lodge a complaint with the supervisory authority

Data subjects also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state in which the data subject has his or her habitual residence or place of work or in which an alleged violation of applicable data protection laws has occurred (cf. Art. 77 of the GDPR). The supervisory authority responsible for us is the:

State Commissioner for Data Protection and Freedom of Information
Baden-Württemberg
Lautenschlagerstrasse 20
70173 Stuttgart
E-mail: poststelle@lfdi.bwl.de.

X. Data security | Encryption of e-mail communication

We take appropriate technical security measures to protect the data entrusted to us from loss, destruction, disclosure and access by unauthorized persons and always adapt these measures to technical developments.

In particular, we offer our clients the standard option of exclusively using encryption for mandate-related communication by e-mail. However, we require the cooperation of our clients in this regard. The technical details are summarized in a separate information sheet.

XI. Links to third-party websites

We provide links to websites of other providers not affiliated with us (third parties). We do not have any influence on what data is processed by these providers when you click on these links. As the data processing by third parties is beyond our control, we cannot accept any responsibility for it. For more information on the processing of your data by these third parties, please consult the data protection information of the respective provider.