Privacy Policy

KANZLEI KIDZA processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).

This privacy policy contains the basic information how we process personal data, information on recipients of your personal data within the EEA and third countries, deletion of your personal data and retention periods, your rights as a data subject and automated decision making.

1. Controller

Controller in the meaning of data protection law: Dr. Zacharias Kidza, Rothenbaumchaussee 73, 20148 Hamburg, info@recht.legal; for further information refer to our imprint page https://recht.legal/impressum..

2. Website Visit

When you visit our website (https://recht.legal), we collect personal data to enable your use (“Usage Data”) to the extent described in section 2.1. In addition, personal data may be processed for other purposes as described under 2.2 et seq. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.

2.1 Data Processing to Enable the Use of the Website

Usage Data includes your IP address and information on start, end, your use of the website and identification data. It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

2.2 Social Networks

Our website contains links to social networks (Twitter, LinkedIn). These services are operated exclusively by third parties. If you follow the links, information may be transferred to these providers. The purpose and scope of the data processing by the provider as well as your rights and setting options for the protection of your privacy can be found in the privacy policy of the provider:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA
http://www.linkedin.com/legal/privacy-policy/

Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA
https://twitter.com/privacy/

2.3 Contact Form

We process your personal data when you use our contact form.

If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. If you personally have a client relationship with us, or if you are enquiring about our services, the legal basis is either the performance of or preparations to enter into a contract (Art. 6(1)(b) GDPR. In all other cases, the legal basis is our legitimate interest in providing a contract form (Art. 6(1)(f) GDPR). You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal information, we may not be able to process your request. Otherwise there will be no consequences for you. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

3. Conclusion and Performance of Contracts

Insofar as it is necessary order to conclude or to perform contracts with you (e.g. attorney mandate;), we process your personal data. Please find below information on legal basis, purposes and the necessity of processing your personal data.

The legal basis for processing your personal Data for this purpose is Art. 6(1)(b)GDPR. We process your personal data to establish and carry out the contractual relationship. This requires provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, it may not possible to establish and carry out the contractual relationship. Otherwise there will be no consequences for you.

In addition, we also process data of persons with whom no (direct) client relationship exists, insofar as this is necessary for the initiation or execution of client relationships. For example, we may process your data if you are a representative, contact person or employee of a company that is our client. In this case, the legal basis is our legitimate interest in the initiation or execution of the respective client relationship (Art. 6(1)(f) GDPR).

As we advise on criminal- and tax law, we do not normally process special types of personal data within the meaning of Art. 9(1) GDPR. However, if processing of special types of personal data is exceptionally necessary for the purposes mentioned in this Section 3 (e.g. processing of health data in connection with claims for damages), the legal basis is the assertion, exercise or defence of legal claims (Art. 9(2)(f) GDPR).

4. Pursuit of our clients’ interests against you; other participation as a third party in a client relationship

If we pursue the interests or claims of our clients against you (or against a company whose representative or contact person you are) in or out of court, we may process your personal data in the course of this. The same applies if you (or a company of which you are a representative, employee or contact person) are involved in other judicial or extrajudicial proceedings (e.g. as a business or negotiating partner, as a party invited to a meeting, as a fellow party in a dispute, or as an employee of an authority or court) and the processing is necessary for the execution of the mandate relationship.

The legal basis for the processing of your personal data in this context is Art. 6(1)(f) GDPR. Our legitimate interest is to effectively implement the interests and claims of our clients. This interest also requires the direct contact and the collection of data from claimants, potential witnesses and other third parties relevant to the case.

As we advise in Criminal- and Tax law, we do not usually process special types of personal data in the sense of Art. 9(1) GDPR. However, if processing of special types of personal data is, as an exception, necessary for the purposes mentioned in this Section 4 (e.g. processing of health data in connection with claims for damages), the legal basis is processing for the purpose of asserting, exercising or defending legal claims (Art. 9(2)(f) GDPR).

In this context, data will only be passed on to third parties to the extent that this is necessary for the execution of the mandate and insofar as further legal prerequisites to be observed exist.

5. Internet video telephony

You may receive an invitation from us by e-mail or otherwise to a meeting, telephone call or Internet video telephony meeting using software provided by a third party. If you participate in such meetings, information may be transmitted to the respective provider.

The legal basis for the processing of your personal data in this context is Art. 6(1)(b) GDPR (if we hold the meeting for the purpose of carrying out a contractual relationship with you) or Art. 6 (1)(f) GDPR (if we hold the meeting for other business purposes); in the latter case, there is a legitimate interest in being able to use functional and widely used tools for video conferences and the associated Voice over IP telephony in order to be able to communicate efficiently with external partners.

We do not record video conferences and telephone conferences. Video conferences are secured according to the state of the art, but are not encrypted end-to-end.

As far as we use the service “Microsoft Teams” for the technical implementation, the following applies: The service provider used by us is Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). On our behalf, Microsoft processes personal data of the participants, in particular the IP address, the contents of the conversation, e-mail addresses, names and, if applicable, other service-related data, and stores these for the duration of the video conference or, if you use Microsoft Teams in addition, for the duration of the use. Microsoft is duly bound by us as a processor to comply with the privacy policy. The provider may also process the data outside the European Economic Area. In order to ensure a level of data protection that complies with the EU General Data Protection Regulation (GDPR), we have concluded Standard Contractual Clauses with Microsoft in accordance with the resolution of the EU Commission (2010/87/EU). You can find more detailed information on processing by Microsoft at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

If we use a different provider, you can find more information about the purpose and scope of data collection and the further processing and use of data by the provider, as well as your rights and settings options for protecting your privacy, in the data protection notices of the respective provider.

6. Transfer to Recipients of Personal Data within the EEA

We will only pass on the personal data described here where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR.

In particular, we transfer personal data to the following categories of service providers:

accounting, financial institutions and tax advice;
IT service and infrastructure,
IT support and maintenance;
data destruction and facility services;
in addition to the categories already mentioned, further categories of service providers may exist or be added at any time;
providers of internet-based videoconferencing services.

In other cases, we transfer personal data to recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.

7. Transfer to Recipients of Personal Data in States outside the EEA

In individual cases we may also transfer personal data to recipients outside the EEA. This is in particular the case if we have to transfer this data to recipients in third countries for the purposes of contract performance, due to legal obligations or if necessary for the establishment, exercise or defence of legal claims.

If we transfer data to third countries, we make sure, the recipient has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Art. 46(2) and (3) GDPR and there are no other interests worthy of protection against the data transfer.

8. Deletion

We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for KANZLEI KIDZA to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.

Job Application-related data is retained until a decision is made and then deleted after a maximum of six months or, in the event of a successful application, transferred to your personnel file.

9. Your Rights

As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by KANZLEI KIDZA and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).

In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1) a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

If you have any questions or complaints about data protection please contact us (see contact details under section 1).

10. No automated individual Decision-Making

We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.