Steger & Pfahler Logo

Privacy Notice

In the following we inform you about the processing of your personal data.

Personal data

Pursuant to Article 4 of the General Data Protection Regulation (“GDPR”), personal data are any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller

Steger & Pfahler
Partnerschaft von Rechtsanwälten
Nikolaistraße 5
80802 Munich Germany

Email: kanzlei@stegerpfahler.de
Phone: +49 (0) 89 2459 3892

Your rights

You have the following statutory rights under data protection law:

  1. Right of access (Article 15 GDPR)
  2. Right to rectification (Article 16 GDPR)
  3. Right erasure (“right to be forgotten”) (Article 17 GDPR)
  4. Right to restriction of processing (Article 18 GDPR)
  5. Right to data portability (Article 20 GDPR)
  6. Right to object (Article 21 GDPR)

To the extent the processing is based on consent pursuant to Article 6 (1)(1)(a) or Article 9 (2)(a) GDPR, you have the right to revoke the consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Please note your right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or of an alleged infringement of the GDPR.

There is no automated decision making.

Your right to object pursuant Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

To the extent we process personal data for the purpose of direct marketing, you as the data subject have the right to object to the processing of personal data relating to you for the purpose of such marketing at any time; this also applies to any profiling, to the extent it is connected to such direct marketing.

Processing activities

  1. Using our website for informational purposes
  2. Contact by phone, email, mail or other means of communication
  3. Mandate data
  4. Processing of personal data in connection with contracts with legal entities
  5. LinkedIn

Using our website for informational purposes

Processing activity

If you visit our website without registering, contacting us or otherwise providing us with information, we only process the personal data that your browser sends to our server automatically.

If you wish to view our website, we process the general data necessary to deliver the website correctly, e.g. your IP address, date and time of the request, content of the requests (the correct page) etc.

Purpose and legal basis

The processing activity is carried out in order to provide the website and to ensure its stability and security.

The legal basis is Article 6 (1)(1)(f) GDPR. Our legitimate interest is making our website available to you in a fully functional form.

Storage period

As soon as this personal data is no longer required to display the website, it will be deleted. Further storage may be carried out in individual cases if this is required by law.

Recipients

We disclose this personal data to our IT service providers, hosting.de GmbH, Franzstr. 51, 52064 Aachen and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen.

Obligation to provide the data

The provision of this personal data is neither a statutory nor a contractual requirement, nor is it a requirement necessary to enter into a contract. You are also not obliged to provide this personal data. However, if you do not provide this data, you may not be able to access our website.

Please note:
You have a right to object under Article 21 GDPR. You can send your objection to us at any time, for example by email or by post using the contact details given above.

Contact by phone, email, mail or other means of communication

Processing activity

If you contact us by telephone, your telephone number and, if applicable, other personal data such as your name or e-mail address will be processed by us.

If you contact us by e-mail, the personal data you send to us will be processed. In particular, your e-mail address and, if applicable, further personal data such as your name will be processed by us, insofar as such data are contained in your e-mail to us.

If you contact us by mail, we will process your name as well as your address and any other personal data contained in your correspondence.

If you contact us via any other means of communication, the personal data transmitted to us, such as your name (if any) and the address at which you can be reached via the means of communication, will be processed by us.

Purpose and legal basis

The purpose of the processing is to be able to get in contact with you.

The legal basis is Article 6 (1)(1)(b)(2) GDPR, as far as pre-contractual requests are concerned. For existing customers, the legal basis is Article 6 (1)(1)(b)(1) GDPR, insofar as processing is carried out for the purpose of fulfilling the contract. In all other cases the legal basis is Article 6 (1)(1)(f) GDPR. Our legitimate interest is to answer your contact request and to contact you.

Storage period

This personal data will be deleted upon expiry of the legal retention periods. To the extent this personal data is covered by professional secrecy obligations, professional regulations may oblige us to store this personal data for a period of six years. Tax regulations may oblige us to store this personal data for a period of ten years.

Recipients

We disclose this personal data to our IT service providers, hosting.de GmbH, Franzstr. 51, 52064 Aachen and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen.

Insofar as this personal data is tax-relevant personal data, we transmit it to our tax advisor.

Insofar as this personal data is connected to a mandate, we may transmit it to authorities, courts or other third parties.

Obligation to provide the data

The provision of this personal data is not a statutory requirement, but — to the extent the conclusion or performance of the contract is concerned — contractually required or a requirement necessary to enter into the contract. If you do not provide this personal data, the contract cannot be concluded or performed.

Please note:
To the extent that the processing is based on our legitimate interest, you have the right to object under Article 21 GDPR. You can send your objection to us at any time, for example by email or by post using the contact details given above.

LinkedIn

Processing activity

We have created a LinkedIn page at https://www.linkedin.com/company/71765700/.

For a list of processing activities, we refer to the privacy policy of LinkedIn Ireland Für eine Auflistung der Verarbeitungsvorgänge verweisen wir auf die Datenschutzerklärung der LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, https://de.linkedin.com/legal/privacy-policy?#data.

Joint controllers

We are jointly responsible with LinkedIn Ireland Unlimited Company, Gardner House, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) for the collection of personal data – but not for its further processing– of registered users of LinkedIn’s services (“Members”) who visit our LinkedIn Page.

Therefore, we have entered into a joint controller agreement with LinkedIn (“LinkedIn Addendum”), which essentially has the following content:

LinkedIn provides us with information under the “Analytics” tab information (“Page Insights”). We have no influence on the compilation of this information and its provision.

Page Insights provided to us consist of aggregated data and LinkedIn does not provide us with personal data of members regarding Page Insights nor does LinkedIn allow us to relate Page Insights back to individual members.

LinkedIn ensures the security of the processing of member data and the provision of Page Insights by implementing appropriate technical and organizational measures; more information can be found here: https://security.linkedin.com/.

LinkedIn has agreed to take responsibility under the GDPR for the provision of Page Insights and to comply with all applicable obligations under the GDPR with respect to its processing of Page Insights (including, but not limited to, Articles 12-22 and Articles 32-34 of the GDPR).

We have agreed to comply with applicable obligations under the GDPR arising from our use of Page Insights. Further, we have agreed that if we are contacted by a data subject or supervisory authority under the GDPR (or other applicable law) regarding the processing of Page Insights and/or the obligations assumed by LinkedIn and us under the LinkedIn Addendum (each such contact a “Request”), we will notify LinkedIn immediately and in any event within three business days and provide LinkedIn with all information they reasonably require in connection with the Request.

In addition, LinkedIn has agreed to respond to requests in accordance with LinkedIn’s obligations under the LinkedIn Addendum, the GDPR and other applicable law. We have also agreed to use all reasonable efforts to cooperate with LinkedIn in responding to any such Request in a timely manner.