Privacy policy

We hereby inform you about the processing of your personal data (“Data”) when you visit our website or our social media profiles, when you contact us, when you have a mandate or other business relationship with us or when you apply for a job with us.

Responsible for data processing:

LOYFORT Rechtsanwaltsgesellschaft mbH & Co. KG
Hansator 17, 28217 Bremen
kontakt@loyfort.de

In deviation from this, the respective notary is responsible in notarial matters

Dr Monika Beckmann-Petey
Mark-Bernhard von Busse
Dr Michael Heil
Dieter Janßen
Dr Philipp Reinhold
Dr Heinz August Schmidt

each located at
Hansator 17, 28217 Bremen
kontakt@loyfort.de

You can reach out to our data protection officer at: office@datenschutz-nord.de

 

Content:

  • Use of our website
  • Clients and Contacts
  • Mandate-related contacts
  • Business contacts and their employees
  • Applicants
  • Social media profiles
  • Your rights as data subject
  • Contact and data protection officer

I. Use of our website

In this section we inform you about the processing of your data when you visit our website.

1. Scope of data processing

  1. When you call up our website, the following data is transferred to our web server and stored in a log file:
  • IP address
  • date and time of the respective access to a page of the website
  • amount of data transferred to your device
  • files accessed via the homepage
  • URL of the page/homepage from which you reached our website
  • the browser you use (type and version)
  • the operating system you use (type and version)

We also use JavaScript to display our website. Therefore the web server checks whether JavaScript is activated in your browser.

2. Cookies and analysis tools

We attach great importance to data protection. In order to continuously improve our website, we therefore use the analysis tool Plausible Analytics. This tool neither sets cookies nor stores or processes personal data in any way. You can find more information here:

https://plausible.io/
https://plausible.io/privacy-focused-web-analytics

3. Purposes of data processing

The processing of this data is necessary to display the contents of the website on your device in the best possible way. We also process this data to investigate and track attacks on our IT.

4. Legal basis of data processing

This data is processed in accordance with Art. 6 Para. 1 letter f GDPR due to our legitimate interest in being able to show you the website and track attacks on our IT.

5. Recipient of the data

We use an external IT service provider, dogado GmbH, Antonio-Segni-Straße 11, 44263 Dortmund, Germany, to provide the website. This service provider processes your data exclusively in accordance with our instructions and on the basis of a contract for order processing in accordance with Art. 28 GDPR.

6. Storage duration

The log data is stored for a period of seven days and then deleted, unless it is exceptionally necessary to keep it longer to follow up an identified attack.

 

II. Clients and Contacts

In this section we inform you about the processing of data by us, if you mandate or contact us.

  1. Scope of data processing
    When you mandate or contact us, we collect the following data:
  • salutation, title, first name, last name
  • if applicable, the name and designation of the company or institution in which you work
  • if applicable, your job title or professional training, your e-mail addresses for the processing of the mandate (mostly professional, if applicable also private) as well as the names and e-mail addresses of the employees or contact persons notified by you or required for the processing of the mandate
  • your address (business and private if applicable)
  • your telephone number(s) (fixed and/or mobile), fax numbers
  • information on facts and data necessary for the assertion and exercise of your rights within the scope of the mandate or for the handling of a notarial matter
  • any correspondence arising within the framework of the mandate or the contact and the personal data contained therein
  • all data collected for the purpose of billing our services (activity reports, if necessary with contact persons of telephone calls or meetings) including account details and, if necessary, your tax identification number
  • in individual cases, further data required under the Money Laundering Act, in particular the date and place of birth, nationality, a copy of your identity card or passport, data on your beneficial ownership and information on whether you or a beneficial owner in your mandate or their immediate family members or persons close to you are a politically exposed person
  1. Scope of data processing when using our contact form

If you contact us via the contact form on our homepage, we collect, in addition to the data mentioned above under 1.1. and 2.1., data that you enter in the contact form as well as the date and time of your contact request.

  1. Purpose of data processing
    The processing of your aforementioned personal data is carried out in response to your mandate and is necessary for the legal and appropriate processing of your mandate and the mutual fulfilment of obligations arising from the mandate relationship or for the completion of a notarial procedure. Furthermore, we process the data for correspondence with you, the parties to the mandate, opponents and involved courts or authorities as well as for invoicing. The processing of the above-mentioned data may already be necessary in part for collision checking prior to the mandate.
  2. Legal basis
    The legal basis for the processing of data in response to the mandate is Art. 6 para. 1 lit. b GDPR, insofar as the person seeking contact or client is a natural person. If our client is a legal entity, we process employee data in accordance with Art. 6 para. 1 letter f GDPR on the basis of our legitimate interest in being able to process and fulfil the mandate. Otherwise we process you data if you contact us in accordance with Art. 6 para. 1 letter f GDPR on the basis of our legitimate interest in being able to answer your request.

We process your data for the money laundering audit on the basis of a legal obligation and thus in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with the Money Laundering Act.

In the processing of notarial transactions the legal basis is Art. 6 Paragraph 1 lit. c and e GDPR.

  1. Recipient of the data, transfer to third countries
    Insofar as this is necessary in accordance with Art. 6 Para. 1 Clause 1 lit. b GDPR for the handling of client relationships or for the handling of a notarial procedure (Art. 6 Para. 1 lit. c and e GDPR) with you, your personal data will be passed on to third parties. This includes in particular the passing on of data to the opposing party, in notarial matters to parties to the proceedings or documents, and their representatives (in particular their lawyers) as well as courts, public registers and other public authorities for the purpose of correspondence and for the assertion and exercise of your rights. Third parties are legally obliged to use the data passed on exclusively to the extent required or necessary for the purposes mentioned above.

Beyond this, data will only be passed on if you, as the person concerned, give your consent (Art. 6 Para. 1 lit. a GDPR) or if we, as the persons responsible in accordance with Art. 6 Para. 1 sentence 1 lit. c GDPR, are legally obliged to pass on the data, for example to tax and revenue authorities in the course of corresponding audits.

Within the scope of our tax obligations, we use the services of a tax advisor. Only if it is necessary for tax law reasons, the tax advisor may inspect personal data (e.g. on fee invoices). The tax consultant is already obliged to protect your data as a result of his professional duty of confidentiality.

We use service providers who are strictly bound by instructions and who support us e.g. in the areas of IT or the archiving and destruction of documents. Separate contracts for commissioned data processing in accordance with Art. 28 DSGVO have been concluded with these service providers.

We may transfer data to countries outside the EU and the European Economic Area (“third countries”) if, for example, you communicate with us from a third country or via e-mail providers in a third country (such as Google or Microsoft in the context of Office 365). It may also be made if the mandate concerns a matter in third countries and therefore requires communication with parties in the third countries. In these cases, the communication in third countries is carried out on the basis of Art. 49 (1) lit. b GDPR.

Your data will not be transferred to third parties for purposes other than those listed.

The attorney-client confidentiality remains unaffected, as does the obligation of our notaries to maintain confidentiality. Insofar as data is subject to the attorney-client privilege, it will only be passed on to third parties with your express consent (Art. 6 para. 1 lit. a GDPR), or insofar as this is necessary for the representation of legitimate interests, e.g. for the enforcement or defence of claims arising from the client relationship or for defence in one’s own case (Art. 6 para. 1 lit. f GDPR).

  1. Storage duration
    The data collected by us in the course of the mandate as well as the processing of the mandate will be stored until the expiry of the statutory retention period for lawyers (pursuant to Section 50 (1) BRAO 6 years after the end of the calendar year in which the mandate was terminated), and deleted thereafter, unless we are obliged to retain the data pursuant to Art. 6 (1) sentence 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or in notarial matters due to permission in accordance with Art. 6 Paragraph 1 Clause 1 lit. c and e GDPR, we are obliged to store the data for a longer period (DONot), the storage in accordance with § 24 Paragraph 1 Point 2 BDSG is necessary for the assertion, exercise or defence of civil law claims or you have consented to storage beyond this in accordance with Art. 6 Paragraph 1 Clause 1 lit. a GDPR. Furthermore, data that we collect on the basis of the Money Laundering Act will be deleted after 5 years in accordance with Section 5 (4) GWG.

 

III. Mandate-related contacts

In the following, we inform you about how we process your data for the purpose of a mandate if you are not our client but, for example, a witness, family member or authority employee.

  1. Scope of data processing
    We process data which we receive from you when we contact you on the basis of a client relationship and which we need to process our mandate. This may include the following data:
  • salutation, title, first name, last name
  • if applicable, the name and designation of the company or institution in which you work
  • if applicable, your job title or professional training, your e-mail addresses for the processing of the mandate (professional or, if applicable, private) as well as the names and e-mail addresses of the employees or contact persons you have provided or who are necessary for the processing of the mandate
  • your address (business or private if applicable)
  • your telephone number(s) (fixed and/or mobile), fax numbers
  • information on facts and data necessary for the assertion and exercise of our client’s rights or for the handling of a notarial matter
  • any correspondence arising in the course of this communication with the personal data contained therein

If and insofar as required on the basis of the Money Laundering Act (GwG) for the purposes of preventing money laundering and terrorist financing and the mandate is a catalog transaction within the meaning of Section 10 (1) No. 10 GwG, the first name and surname and, if applicable, place of birth, date of birth, nationality, residential address of contractual partners and of any representatives acting on their behalf and of the beneficial owners shall also be processed (Section 10 (1) No. 1, Section 11 (4) and (5) GwG).

  1. Purpose of data processing
    Your data will be processed for the purpose of carrying out the mandate and protecting the interests of our clients as well as for the fulfillment of legal obligations.
  2. Legal basis of data processing
    We process your data either on the basis of Art. 6 para. 1 lit. c GDPR due to legal obligations or on the basis of Art. 6 para. 1 lit. f GDPR due to our legitimate interest. The legitimate interest in this case is the protection of the interests of our clients and the proper processing of the mandate.
  3. Recipient of the data
    Your data or the data of your employees are received by bodies, institutions or individuals. Recipients can be, in particular, authorities, offices, courts, but also experts, defendants of our clients or other parties involved. The transfer of data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to process the mandate properly, so that data is only transferred to the extent necessary to safeguard this interest.
  4. Storage duration
    We will delete your data together with all mandate-related data after expiry of the statutory retention period for lawyers (pursuant to § 50 para. 1 BRAO 6 years after expiry of the calendar year in which the mandate was terminated), unless we are obliged to delete your data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) or in notarial matters due to permission pursuant to Art. 6 Paragraph 1 Clause 1 lit. c and e GDPR to a longer storage (DONot), the storage according to § 24 Paragraph 1 No. 2 BDSG is necessary for the assertion, exercise or defence of civil law claims or you have consented to a storage beyond this according to Art. 6 Paragraph 1 Clause 1 lit. a GDPR.

 

  1. Business contacts and their employees

In the following we inform you about how we process data of our business partners or employees of our business partners.

  1. Scope of data processing
    Within the scope of our business relationship with you as a business partner or employee of business partners, we process the data that we receive from you or your employer.

In particular, this concerns data that we receive when you or your colleagues have contact with our employees.

We process the following categories of data in this context:

  • professional contact and organization information: e.g., last name, first name, title, degree, gender, name of the company you work for, department, professional e-mail address, postal address, telephone number
  • data on professional circumstances: e.g. job title, tasks, activity, qualifications
  • other: In addition, we may process other data that you provide in the course of your interaction with our employees or that we have permissibly collected about you from publicly available sources (e.g. commercial register)
  1. Purpose of data processing
    Your data will be processed by us for the purpose of establishing and implementing the contractual relationship with our business partner as well as for fulfilling the legal requirements.
  2. Legal basis of data processing
    We process the data on the basis of the following legal bases:
  • if you are our business partner in person, the processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of implementing or initiating a contract
  • for the purpose of fulfilling legal obligations, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR in connection with legal and official requirements (e.g. tax and commercial law)
  • if you are an employee of one of our business partners, your data will be processed on the basis of our overriding legitimate interests in accordance with Art. 6 Para. 1 letter f GDPR. Our legitimate interest lies in the functioning and practicable cooperation with our business partners and the employees of our business partners
  1. Recipient of the data
    We also transfer your data to authorities (e.g. tax office, police, public prosecutor’s office, social insurance agencies) or courts within the scope of their respective responsibilities if we are obliged to do so by law or by order. In these cases, too, data will only be transferred by us to the extent necessary for the respective purposes.
  2. Storage duration
    Your data will be stored by us for as long as we need it for the specific processing purpose. We regularly store your data at least for the duration of our business relationship with you or the business partner for whom you work.

In addition, we store certain data for the duration of statutory limitation periods (usually three years, in individual cases up to thirty years) and for as long as statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code) require it (but generally for a maximum of ten years).

Under certain circumstances, we may have to keep your data for a longer period of time. This is the case, for example, if in connection with an official or judicial procedure a ban on data deletion is ordered for the duration of the procedure.

  1. Applicants

You can apply to us in response to our published job offers or send us an unsolicited application. In the following we will show you which data will be processed.

  1. Scope of data processing
    During the application process we process the following categories of data:
  • private contact and identification information: e.g., last name, first name, academic degree, gender, email address, postal address and telephone number
  • data on your professional qualifications, such as school and educational qualifications, language skills, as well as your place of study or training, certificates
  • if you send us your curriculum vitae, we will process the data given in it, such as photos of you or the existence of a driving licence, if applicable
  • any other data you may have provided in the application

Your application documents will be sent to the contact person named in the job advertisement and will be forwarded internally to other decision-supporting partners and employees responsible for the application process.

  1. Purpose of data processing
    Your data will be processed by us in order to check whether you are eligible for employment with us in the context of the applicant selection process.
  2. Legal basis of data processing
    The legal basis for data processing is § 26 para. 1 BDSG and art. 6 para. 1 lit. b GDPR (contract initiation). Any information that you provide voluntarily and which goes beyond the required amount will be processed in our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to respond to your application in the best possible way. If, in individual cases, you provide information that we have no legal basis for processing, we will not process it.
  3. Recipient of the data
    Internally, only those persons who need your data for the above-mentioned purposes have access to it. These are primarily the responsible partners, responsible HR employees and all persons who are necessarily involved in the applicant selection process.
  4. Storage duration
    If an employment relationship is established with you, we will process your data for the purposes of the employment relationship in accordance with a separate data protection declaration, which you will then receive from us.

In the event that no employment relationship is established with you, we will generally store your data for a period of six months from the time of receipt of the rejection by you. Your application documents are then deleted.

 

VII. Social media profiles

No cookies from social media platform operators are integrated on our website (e.g. via plug-ins). However, we operate various social media profiles of our own in order to constantly improve our external appearance and to provide information on the respective social media platforms.

Below you will find information about the data processing by us on the individual social media platforms.

  1. LinkedIn
    Scope of data processing
    You can interact with our profile on LinkedIn by following us, leaving comments on posts, marking posts we have posted with “I like”, or sharing updates from us. In this case, we will receive a notification from LinkedIn that you have visited or interacted with our account. We can then see your profile name, your interaction and – if available – your profile picture. If you contact us through LinkedIn via direct messaging, we can see your user profile and message.

LinkedIn also provides us with information about visitors, followers, and updates to our LinkedIn site (“Page Insights”). This information is displayed on our administrator page. Both we and LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland, “LinkedIn”) are jointly responsible for the processing of your data in connection with this function on our LinkedIn site. In particular, LinkedIn is responsible for fulfilling your privacy rights in connection with Page Insights. However, you may still contact us to assert your rights.

Purpose of data processing
We process the data in order to be able to interact with you on your initiative and to read and respond to your request or notification.

We do not use the analysis function, but we cannot deactivate it, because LinkedIn does not provide this possibility.

Legal basis
We process your data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest consists in the interaction with you as described above.

Recipient of the data
Your data will be viewed by our employees who manage our LinkedIn account.

In addition, LinkedIn processes your data in accordance with its own privacy policy.

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Opt-out on advertising: www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Storage duration
We cannot delete your messages or other data because we do not have the authorization to do so. We do not actively use direct messages on LinkedIn to communicate with you – we prefer encrypted communication via e-mail. If you send us direct messages, we will delete them at the latest one year after receipt of your message.

  1. Xing
    Scope of data processing
    You can interact with our profile on Xing by sending us messages or marking posts from us with “I like”. In this case, we will receive a notification from Xing that you have contacted us or interacted with our profile. We will then be able to see your profile name, your interaction and – if available – your profile picture.

Xing provides us with overviews and anonymised evaluation results on visitors and followers of our site over the last 30 days (function “profile analysis”). This includes, for example, anonymised information on company affiliation, industry, career levels and age groups. We and New Work SE (Am Strandkai 1, 20457 Hamburg, Germany) are responsible for processing your data in connection with the profile analysis.

Purpose of data processing
We process the data in order to be able to interact with you on your initiative, in particular to read and respond to your request or notification.

We do not evaluate the data within the framework of the “profile analysis” function. However, we cannot deactivate this function, as Xing does not provide this option.

Legal basis
We process this data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest consists in the interaction with you as described above.

Recipient
Your data is viewed by our employees who manage our Xing account.

In addition, Xing processes your data in accordance with its own privacy policy.

Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy policy: https://privacy.xing.com/en/privacy-policy

Opt-out regarding the analysis of visitor sessions: https://nats.xing.com/optout.html?popup=1ocale=de_DE

Storage duration
We cannot delete your messages or other data because we do not have the authorization to do so.

 

VIII. Your rights as a data subject

The following rights may be protected by the confidentiality of the mandate or the notaries’ obligation to maintain confidentiality in accordance with Art. 23 GDPR in conjunction with § 29 BDSG. Provided there is no conflict with the mandate relationship, you have the following rights:

  1. Right of access to information
    You have the right to obtain free information on request about whether data concerning you are being processed and, if so, what data we process about you (Art. 15 GDPR). You may re-apply within a reasonable period of time. You also have the right to receive a copy of your data that is the subject of our processing.
  2. Right of rectification
    You may also request the correction of incorrect data concerning you in accordance with Art. 16 GDPR. You also have the right to request the completion of incomplete data concerning you, taking into account the purposes of the processing.
  3. Right of Deletion
    Under the conditions of Art. 17 GDPR, you can request the deletion of your data.
  4. Right to limitation
    You have the right to demand that we restrict processing if the requirements of Art. 18 GDPR are met. This is the case, for example, if the processing of your data is no longer necessary for our purposes, but you need it to assert, exercise or defend legal claims. If the processing of your data is restricted, these data – apart from being stored – may only be processed by us with your consent or in the special cases mentioned in Art. 18 para. 2 GDPR.
  5. Right to data portability
    Insofar as data provided by you is processed by us on the basis of Art. 6 para. 1 lit. b or lit. a GDPR (for contract initiation or fulfilment or on the basis of your consent) by means of automated procedures, you may, under the conditions of Art. 20 GDPR, request the surrender of this data in a structured, common and machine-readable format. In this case, you can also request that we transfer this data to another person responsible.
  6. Right of withdrawal
    If we process your data on the basis of your consent, you have the right to revoke your consent at any time with effect for the future (Art. 7 para. 3 GDPR).
  7. Right of objection
    If your data are processed by us on the basis of our predominant legitimate interest (Art. 6 Para. 1 letter f GDPR), you also have the right to object if your interests against data processing for reasons arising from your particular situation outweigh our interests in processing. In the event of an objection, we therefore ask you to inform us of your reasons for objecting to data processing.
  8. Assertion of your data subject rights
    To assert your rights as a data subject, please contact our data protection officer by e-mail or letter (contact details below).
  9. Right of appeal to a data protection supervisory authority
    If you suspect that your personal data are being processed unlawfully, you can lodge a complaint with a data protection supervisory authority, in particular in the member state where you are resident, your place of work or the place where the alleged infringement is taking place (Art. 77 GDPR).

 

  1. Contact and data protection officer

If you have any questions about this privacy policy or about the processing of your personal data by us, you can contact our data protection officer.

datenschutz nord GmbH
Konsul-Smidt-Str. 88
28217 Bremen

office@datenschutz-nord.de