Data Protection Statement

1. Preliminary remarks
In this Data Protection Statement, we wish to inform you about the way your personal data are handled by the law firm of Weiland Rechtsanwälte. The Data Protection Statement serves to inform you about the collection and use of your data while visiting our website and using the services offered there, as well as about the handling of your personal data as part of the mandate conferred on us, in particular about your rights in terms of data protection law.

When processing your personal data, we naturally comply with the applicable data protection provisions, in particular the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

We are very much aware that the protection of your privacy is an important concern in connection with the mandate conferred on us or when you visit our website. We are very committed to your concerns. For this reason, we wish to inform you about which data concerning you we save, when we save them, and how we use them. With this Data Protection Statement, we not only want to comply with our legal obligations, but also inform you about our data protection measures. You can also contact our Data Protection Officer named below at any time.

The General Data Protection Regulation protects personal data. Pursuant to Article 4(1) GDPR, this means any information relating to an identified or identifiable natural person, such as name, address or date of birth, and telephone number or IP address.

2. Controller / Contact with Data Protection Officer
Weiland Rechtsanwälte, Am Kaiserkai 62, 20457 Hamburg, Email: info@weiland-rechtsanwaelte.de

Data Protection Officer: Rechtsanwalt Dr Dietmar Buchholz (lawyer): Email: dbuchholz@weiland-rechtsanwaelte.de

3. Contact/Registration
When you contact us by visiting our website, or by telephone, email or contact form, the information you provide will be saved by us pursuant to point (a) of Article 6(1) GDPR to allow us to process your request and any follow-up correspondence with you.

The contact with us will be recorded to be able to show that the contact was established in accordance with the legal requirements of the GDPR. Pursuant to point (f) of Article 6(1) GDPR, every time you visit our website general data and information are automatically collected and saved temporarily in a ‘log file’. The following information is collected automatically, i.e. without your intervention, and saved until it is automatically erased:

data relating to access to the website (date, time and frequency),
IP address, which your internet access provider has assigned to your computer,
name and URL of the retrieved file,
website from which our website is accessed,
volume of transmitted data,
the browser and browser version you use,
the operating system you use,
the internet server provider you use.

The collection and storage of these data is necessary to ensure a smooth connection to and convenient use of the website. In addition, these data are used to ensure the security of our IT systems to detect and resolve any technical problems that may occur, and to prevent or prosecute the abuse of or other unlawful activity on our website. Data are also collected and stored if we are legally obliged to do so, e.g. based on administrative or judicial directives, as well as to safeguard our rights and claims, and for legal defence.

We only use your personal usage data as part of our mandate and will potentially only merge them with other information if you have previously conferred a mandate on us. The legal foundation for the processing of the data is points (b) to (f) of Article 6(1) GDPR. The legitimate interest is derived from the purposes stated above.

We use cookies and analysis services in connection with visits to our website. Please see in this regard the following notices in para. 6 (Cookies/Analysis tools) of the Data Protection Statement.

4. Purpose and legal basis of data processing
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), professional codes of practice in relation to data privacy, as well as all other relevant laws. Data are processed pursuant to point (b) of Article 6(1) GDPR for the purposes stated there, in this case for the proper processing of your mandate and for the mutual performance of obligations under the mandate agreement, as well as for the execution of precontractual measures.

We will only collect and use personal data obtained from you if they are necessary for the assertion and defence of your rights as part of the mandate conferred on us. The data are collected only for the purpose of providing appropriate legal advice to you and representing you in legal issues. We also process your data to pursue our legitimate interests or those of third parties, in particular to establish any claims against you (point (f) of Article 6(1) GDPR). Moreover, we process your personal data to comply with statutory obligations pursuant to point (c) of Article 6(1) GDPR (e.g. commercial or fiscal duties of retention or our advisory obligation). The mandate agreement cannot be concluded and/or performed without processing your personal data.

5. Disclosure of your personal data to third parties:
When we disclose your personal data to third parties, we always seek to ensure the highest possible security level. Your personal data are transmitted to third parties only in the cases listed below, for example if

you have given explicit consent pursuant to point (a) of Article 6(1) GDPR,
their disclosure is necessary pursuant to point (b) of Article 6(1) GDPR for the performance of the mandate. This includes the transfer of data to opponents in legal proceedings and their representatives, especially lawyers or tax consultants, and to courts and other public authorities for the purpose of corresponding with them and asserting or defending your rights. The third party may use the data only for the aforementioned purposes. In all other respects, the lawyer-client privilege remains unaffected to the extent that it concerns data subject to the lawyer-client privilege,
their disclosure is necessary pursuant to point (c) of Article 6(1) GDPR to comply with a legal obligation,
their disclosure is necessary pursuant to point (f) of Article 6(1) GDPR for the establishment, exercise or defence of legal claims and there is no cause to assume that you have an overriding legitimate interest in the non-disclosure of your data.

In the operation and optimisation of our website, we employ service providers, e.g. in connection with the central IT infrastructure or for the hosting of our website. We have entered into agreements with the service providers concerned for the processing of data on our behalf pursuant to Article 28 GDPR. These processors may use the data made available by us only in accordance with our instructions. Both contracting parties are responsible for appropriate data protection precautions in this case. We have agreed to specific data protection precautions with our service providers. The employees and supervisors of the service providers are obliged to ensure the confidentiality of the data and to comply with this duty.

6. Cookies/Analysis tool
This website uses Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies, i.e. text files that are saved on your computer and that allow an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information to analyse your use of the website to compile reports about the website activity for the website operators and to provide other services related to the use of the website and the use of the internet. In addition, Google may transmit this information to third parties if so required by law or to the extent that third parties process these data on behalf of Google. Under no circumstances will Google link your IP address to other data obtained by Google. You can prevent the installation of cookies by means of a corresponding setting in your browser; however, we wish to point out that in this case you may not be able to make full use of all the functions of this website. By using this website, you declare that you consent to the processing of the data collected about you by Google in the form and manner described above and for the purpose stated above.

7. Your rights
Pursuant to the GDPR, you have rights in relation to the processing of your personal data, about which we herewith wish to inform you. If you wish to exercise any of the rights outlined below, you can inform us accordingly with a simple notification. Except for postage, you will not incur any expenses for the enquiry. The enquiry can be sent by email to the above email address.

Subject to any statutory restrictions, you have the following rights with regard to your personal data:

Pursuant to Article 15(1) GDPR, the right to obtain access to the data about you that we have saved.
Pursuant to Article 16(1) GDPR, the right to rectification and/or completion of your data without undue delay.
Pursuant to Article 17 GDPR, you have the right to the erasure of your data. In this connection, we wish to point out that data protection legislation provides for an obligation to erase, but not for erasure deadlines. These are defined by the applicable domestic laws. We are obliged, for example, based on statutory provisions to store certain data for a longer period (e.g. retention periods for accounting records are currently ten years (German Tax Code [AO]).
Pursuant to Article 18 GDPR, you have the right to obtain a restriction of the processing of your data.
Pursuant to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used and machine-readable format.
Pursuant to Article 21 GDPR, you have the right to object to the processing of personal data, if those data are processed based on legitimate interests pursuant to point (f) of Article 6(1) GDPR and your objection is based on grounds relating to your personal situation.

Pursuant to Article 77 GDPR, you have the right, moreover, to lodge a complaint with the competent supervisory authority for data protection of your federal state. Competent authority for Hamburg:

Hamburgischer Datenschutzbeauftragte für Datenschutz und Informationssicherheit (Data Protection Commissioner for Hamburg),
Kurt-Schumacher-Allee 4, 20097 Hamburg.

8. Duration of storage:
Your personal data will be erased upon expiry of the statutory retention period for lawyers (six years after expiry of the calendar year in which the mandate ended), unless we are obliged, pursuant to point (c) of Article 6(1) GDPR, in terms of fiscal or commercial law-related retention and documentation duties under the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO) to store the data for a longer period, or unless you have agreed to a longer storage duration pursuant to the first sentence, point (a) of Article 6(1) GDPR, or if the storage is required to pursue the legitimate interests of the controller or a third party pursuant to point (f) of Article 6(1) GDPR.

9. Security:
As part of our IT security, we use technical and organisational security measures to protect the data provided by you against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously review and adapt our security precautions in line with data protection laws and technical advances. We protect our systems and data processing through technical and organisational measures, such as data encryption, pseudonymisation, anonymisation, access and entry controls, firewalls and restoration systems, as well as integrity testing. Our employees are regularly trained to handle your personal data in a confidential manner and are required to comply with data protection regulations in accordance with the data protection laws and professional codes of conduct.

10. Job applications
As part of the recruitment process, we collect, process and use your personal data exclusively to process your application and to conduct the recruitment process; the data only serve to assess your professional suitability and to contact you. In doing so, we only collect data that are required for the posted employment vacancy. The data you provide to us are transmitted initially to our HR department and processed and verified there. Thereafter, the HR department forwards your data as part of the recruitment process to the department(s) within our law firm that are involved in the selection process concerned. There your data are used as intended. If your application is successful and we conclude a contract with you, we include your data in your HR file. In doing so, the confidential handling of your data is of course guaranteed.

If your application is unsuccessful, your data are automatically erased six months after completion of the recruitment process. If you expressly consent to it, we will store your full application documentation for a period of 12 months to be able to inform you if a suitable position becomes vacant in our law firm. The above does not affect in any way to demand the erasure of your data at any time.

11. Weiland Insolvency Group
In addition, the following applies:

The controllers within the meaning of the GDPR are:

Dr Gerd Weiland (Lawyer)

Herbert Dürkop (Lawyer/Auditor)

Dr Nils G. Weiland (Lawyer)

Dr Thilo Streck (Lawyer)

Collecting, storing, processing and transferring personal data, and its nature, purpose and usage in insolvency (application) proceedings

Data processing is performed in insolvency (application) proceedings where it is necessary for compliance with a judicial obligation and for conducting the insolvency (application) proceedings. Article 6 (1) sentence 1 (c), (f) GDPR is the basis governing the lawfulness of this data processing. Data processing is necessary for compliance with a legal obligation to which the controller is subject and due to the parties’ legitimate interest in conducting orderly and correct proceedings.

The personal data collected by us is stored until the statutory retention period ends (6 years after expiration of the calendar year in which the proceedings ended); it is then erased unless, pursuant to Article 6 (1) sentence 1 (c) GDPR, we are obliged under retention and documentation duties prescribed by tax or commercial law (German Commercial Code/HGB; German Criminal Code/StGB or German Fiscal Code/AO) to store / retain the data for a longer period (e.g. 10 years), or you have given consent to a longer storage period pursuant to Article 6 (1) sentence 1 (a) GDPR.

Data processing is performed where it is necessary for compliance with a judicial obligation and for conducting the insolvency (application) proceedings. Article 6 (1) sentence 1 (c), (f) GDPR is the basis governing the lawfulness of this data processing. Data processing is necessary for compliance with a legal obligation to which the controller is subject and due to the parties’ legitimate interest in conducting orderly and correct proceedings. The personal data is stored until the statutory retention period ends (10 years after expiration of the calendar year in which the proceedings ended); it is then erased unless, pursuant to Article 6 (1) sentence 1 (c) GDPR, we are obliged under retention and documentation duties prescribed by tax or commercial law (German Commercial Code/HGB; German Criminal Code/StGB or German Fiscal Code/AO) to store the data for a longer period, or you have given consent to a longer storage period pursuant to Article 6 (1) sentence 1 (a) GDPR.

Your data will be passed on to the employees at our office who are entrusted with the handling of the insolvency proceedings as well as to the processors commissioned by us (Article 28 GDPR), especially in the area of IT services, document destruction, logistics and printing services, who will process and erase your data for us on instructions from the controllers. Insofar as it is necessary pursuant to Article 6 (1) sentence 1 (c) GDPR for the insolvency proceedings, your personal data will be transferred to third parties:

Insolvency court(s)

Insofar as it is necessary pursuant to Article 6 (1) sentence 1 (a) GDPR for the handling of the insolvency proceedings, we transfer personal data to the court in fulfilment of our reporting duty. Furthermore, the insolvency administrator is responsible for the schedule (Insolvenztabelle) (until the verification meeting), which is deposited with the insolvency court's registry for the parties' perusal (Section 175 (1) German Insolvency Act/InsO). In doing so, your personal data is transferred to third parties.

Data processing by other service providers

In insolvency proceedings, a creditor information system with the information that is available to the public and the information that is only available to the creditors can be accessed via our website.

External service providers

In order to fulfil our legal and contractual obligations, we may use external service providers; in particular, for archiving and destroying business documents, securing and evaluating debtor-company data, valuating and using movable fixed assets and real estate as well as within the scope of personnel services, such as the preparation of wage and salary statements, insolvency benefit certificates, special wage tax certificates, employment certificates, etc.

Other recipients

Furthermore, we may transfer personal data to other recipients, such as authorities, to fulfil statutory reporting obligations (e.g. social insurance schemes, fiscal authorities or law enforcement agencies).

12. Updates:
This Data Protection Statement is currently valid and was last updated on 25 May 2018. Due to changes in European and national legislation, administrative directives, or the further development of our website, we may be required to adapt this Privacy Policy at a later stage. A current version of the policy can be obtained from the above address.

Hamburg, 25 May 2018