STATEMENT ON DATA PROTEC­TION

The Notaries:
Dr. Jochen Böning, Christian Darge, Jörn H. Linnertz, Dr. Ralph Meyer im Hagen, Dr. Claudia Nottbusch, Julia Stahlhut, Dr. Jan-Martin Zimmermann

Legal Form:
We notaries hold a public office. It goes without saying that we treat your personal data confidentially and inform you which personal data are processed by us in accordance with the GDPR and which rights you have with regard to your data.

Registered Office:

28203 Bremen
Contrescarpe 21
Phone +49 (421) 33 34-0
Fax +49 (421) 33 34-111
bremen@ahlers-vogel.de

When processing data, we observe the DSGVO and protect your personal data, for which we notaries are responsible.
You can contact our data protection officer as follows:

Ahlers & Vogel Rechtsanwälte PartG mbB
Die Datenschutzbeauftragte
Contrescarpe 21
28203 Bremen
Phone +49 (421) 33 34-0
Fax +49 (421) 33 34-111
datenschutz@ahlers-vogel.de

The supervisory authority responsible for data protection is the State Commissioner for Data Protection.

Purpose of data processing

In the exercise of our notarial office, we process personal data for the purpose of dealing with your request and to fulfil the legal obligations incumbent upon us, also to deal with mandatory application obligations and legal notification and disclosure obligations vis-à-vis authorities.

Personal data and legal basis

Personal data processed by us are those that can be related to you, for example:

• Name, first name, maiden name, date of birth, place of birth, age, gender, marital status, home address, postal address, e-mail address, telephone number, fax number, etc;
• identification numbers such as those of your identity card, passport, driver’s license, tax identification number, license plate number, etc;
• Data of your bank account and about credits etc.;
• Data about your assets, such as real estate or company shares, insurance, income, pension information, movable assets, etc.

The legal basis for data processing is Art. 6 para. 1 lit. e) GDPR and Art. 6 lit. a-d, f GDPR. For certain notarial procedures it may be necessary to process information on disabilities, serious illnesses, sexual orientation – Art. 9 para. 2 lit. g) GDPR in conjunction with sect. 11, 17, 22 et seq., 28 BeurkG. In order to process your land register or registry law concerns, we collect personal data from publicly accessible sources, e.g. on properties or on the company or an association (register data). Data from credit institutions or private creditors (e.g. in the case of e.g. discharge of registered encumbrances) are collected, but only after prior order or to fulfil legal obligations.

Who receives your data?

We transmit your personal data to third parties if the law permits this, if it is necessary, and you have given your consent.
Access to data is granted to our notary’s office employees who are bound to secrecy and to service providers commissioned by us. This enables us to fulfil our legal and contractual obligations. If tax advisors, lawyers or other advisors work for parties involved in the notarial procedure, they will receive your and your contractual partner’s data.
Authorities to which we are required by law to provide information also receive these data, e.g. the real estate transfer tax office when buying or selling a property. Courts or registers receive your data if we have to make an entry, notification or registration in order to execute a deed. Service providers appointed by us, commissioned as processors in accordance with Art. 28 GDPR (e.g. the notary software provider and the accounting department) may access your data.

Storage of your data, your rights

Your stored data will be kept in accordance with the legal retention periods. The periods are based, for example, on the service regulations for notaries and the German Fiscal Code (AO). Accounting records are kept for 10 years from the date of correspondence dispatch and entry in the accounts department; see sect. 257 German Commercial Code, sect. 147 AO. A record of a testamentary disposition of death is kept for 100 years – sect. 20 Abs. 1 DONot.

You have rights to:

• Information on the personal data concerning you (art. 15 GDPR),
• Correction of incorrect personal data concerning you (Art. 16 GDPR),
• Erasure of personal data (Art. 17 GDPR),
• Restriction of the processing of personal data (Art. 18 GDPR),
• Opposition to the processing of personal data (Art. 21 GDPR).

You may exercise these rights, unless the notarial obligation of secrecy (sect. 18 BNotO) would be violated. Your data will be processed in accordance with the legal regulations. In exceptional cases we need your consent, which you may revoke for future processing of your data.

You may contact our data protection officer or the responsible supervisory authority for data protection if you believe that the processing of your personal data is not lawful.

Do you still have questions? Our data protection officer will be happy to answer them.

We maintain online presences within the social networks Youtube, Xing and LinkedIn (hereinafter jointly referred to as “platforms”) in order to communicate with the users active there via the platforms if they are interested. These platforms can only be accessed via an external link. We do not integrate any plugins of platforms on our website. As soon as one of our profiles is called up on the respective platform, the terms and conditions and data processing guidelines of the respective plattform’s operators apply there.

General Information

If you have any questions regarding data protection, please contact the data protection officer of our law firm directly.

Ahlers & Vogel Rechtsanwälte PartG mbB
Die Datenschutzbeauftragte
Contrescarpe 21
28203 Bremen
Phone+49 (421) 33 34-0
Fax +49 (421) 33 34-111
datenschutz@ahlers-vogel.de

Processing of personal data

Data processing by the operators of the platforms

We maintain channels with the platformers listed below. The providers of these platforms process user data for their own purposes. We have no influence on the specific scope of data processing. The data processing information provided by each provider is linked below.

Facebook

We have integrated elements of the social network Facebook on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.

An overview of the Facebook social media elements is available under the following link: https://developers.facebook.com/docs/plugins/.

If the social media element has been activated, a direct connection between your device and the Facebook server will be established. As a result, Facebook will receive information confirming your visit to this website with your IP address. If you click on the Facebook Like button while you are logged into your Facebook account, you can link content of this website to your Facebook profile. Consequently, Facebook will be able to allocate your visit to this website to your user account. We have to emphasize that we as the provider of the website do not receive any information on the content of the transferred data and its use by Facebook. For more information, please consult the Data Privacy Policy of Facebook at: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

Instagram

We have integrated functions of the public media platform Instagram into this website. These functions are being offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If the social media element has been activated, a direct connection between your device and Instagram’s server will be established. As a result, Instagram will receive information on your visit to this website.

If you are logged into your Instagram account, you may click the Instagram button to link contents from this website to your Instagram profile. This enables Instagram to allocate your visit to this website to your user account. We have to point out that we as the provider of the website and its pages do not have any knowledge of the content of the data transferred and its use by Instagram.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook or Instagram tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.

For more information on this subject, please consult Instagram’s Data Privacy Declaration at: https://privacycenter.instagram.com/policy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

LinkedIn

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de.

For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448.

XING

This website uses elements of the XING network. The provider is the New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

Any time one of our sites/pages that contains elements of XING is accessed, a connection with XING’s servers is established. As far as we know, this does not result in the archiving of any personal data. In particular, the service does not store any IP addresses or analyze user patterns.

The use of this service is based on your consent in accordance with Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

For more information on data protection and the XING share button please consult the Data Protection Declaration of Xing at: https://privacy.xing.com/de/datenschutzerklaerung.

The data collection can also register non-registered users by using so-called cookies, which are stored on the users’ end devices. Such cookies are used solely by the respective platform. We therefore have no influence on the type and scope of concrete data processing by the platforms mentioned in this declaration and refer to the information provided by the platforms for further details and setting options.

Data processing by Ahlers & Vogel

When visiting one of our sites, we collect and process personal data depending on the site’s use by the visitor.

Every visitor can contact us using the options available on the portal. Contact can be established, for example, by e-mail or by direct message. We process the data provided directly in the message and the user profile. The data transmitted to us in this course will only be processed for the purpose of communication with the respective user. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f. DSGVO, as in this case our legitimate interest in answering the communication outweighs the interests of the person concerned.

In addition, the platforms offer the possibility of using platform-dependent functionalities (e.g. like buttons, comment functions, sharing of contributions). In this case, we and other visitors can see personal data (e.g. name of the user).

We only store the data until the purpose for which the data processing is intended has been achieved or until we are legally obliged to store it.

General information on data processing on Facebook and Instagram

We are running corporate pages on the platforms Facebook and Instagram in order to inform the users of these platforms about our company and to regularly inform the users about current events and activities. Users can comment on this information and/or “Like” it by using the “Like”-Button function offered by Meta. It is also possible to leave your own posts on our corporate pages. These interactions are publicly visible to other users.

The type and scope of the personal data processed therefore strongly depends on the user’s behaviour. In addition, you can find alternative ways of contacting us on our website https://www.ahlers-vogel.de/.

On these pages, we can view only the information stored in your public profile, and only if you have such a profile and also only if you use this profile to visit or follow our corporate page.

In addition, Meta provides us with aggregate statistics that we use to improve the user experience when visiting our corporate page. We do not have access to the usage data that Meta collects to compile these statistics and therefore cannot attribute your person based on this data. This data processing serves our legitimate interest in improving the user experience when visiting our corporate page in line with the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) GDPR.

In addition, Meta uses so-called cookies, which are stored on your device when you visit our corporate page, even if you do not have your own profile or are not logged in to it during your visit to our company page. These cookies allow Meta to create user profiles based on your preferences and interests and to show you advertising tailored to these preferences both inside and outside the platforms. Cookies remain on your terminal device until you delete them. Details of this can be found in Meta’s privacy statements on Facebook and Instagram linked above.

Under an agreement pursuant to Art. 26 of the GDPR, Meta has committed to us to assume primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. For more information, please see:

https://www.facebook.com/legal/terms/page_controller_addendum

Purpose of processing

We process the data in order to interact with the users of our company site. This can be done via direct messages or via the community functions provided by Meta.

If you contact us via direct messages, we process, for example, your username, profile picture, contact details and the data provided in your message. We process this data in order to be able to communicate with the user and process the request. The legal basis for data processing is Art. 6 (1) (b) GDPR, if it is about the initiation or implementation of a contractual relationship and otherwise Art. 6 (1) (f) GDPR, whereby our legitimate interest is in responding to your request. We delete this data as soon as it is no longer required for communication and we no longer need the data to pursue or defend against legal claims or to comply with statutory retention periods.

In addition, we process data when users interact with us via the community functions (e.g. posting or sharing contributions or comments). For example, we process the user name, profile picture and contact data as well as the active interaction of the user. We process this data in order to be able to provide the community functions offered by Meta. The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is to be able to provide the functions offered by the platforms.

We only process the data collected in the context of the use of the community function as long as this is necessary. In general, this means as long as we operate the company page or your interaction on our company page has not been deleted on your part. Beyond this, the data is only stored insofar as it is necessary for the pursuit of or defence against legal claims or for the fulfilment of any statutory retention obligations.

Handling of sensitive data

Please do not share any personal data of third parties, sensitive data (e.g. special categories of personal data (Art. 9 GDPR)) via the platforms as well as content and data on existing or possibly future mandate relationships. Should the transmission of such personal data be absolutely necessary, we request that you contact us via the means of communication offered on our website.

Data transfer to third countries

We do not intend to transfer personal data to a third country.

The platforms collects certain diagnostic and service data, uses these on their own responsibility for their own purposes and also processes this personal data in third countries without us being able to influence this.

We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing. In particular, it cannot be ruled out that US security authorities will have unrestricted access to the data. There are no possibilities for legal protection against such access by the US security authorities that are comparable to the European level of protection.

• Right to withdraw your consent; Art. 7 para. 3 GDPR
  You have the right to withdraw your consent to the processing of personal data vis-à-vis us at any time. We will then consequently stop the data processing which took place on the basis of your consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Right of access; Art. 15 GDPR
  You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, which personal data are being processed and the information enumerated in Art. 15 GDPR.
• Right to rectification, Art. 16 GDPR
  You have the right to demand the rectification of inaccurate personal data concerning you and – as case may be – a right to have incomplete personal data concerning you completed.
• Right to erasure; Art. 17 GDPR
  You have the right to demand that personal data concerning you are erased where one of the grounds listed in Art. 17 GDPR applies.
• Right to restriction of processing; Art. 18 GDPR
  You have the right to demand a restriction of processing where one of the grounds listed in Art. 18 GDPR applies.
• Right to data portability; Art. 20 GDPR
  You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to demand transmission of those data to third parties where one of the grounds listed in Art. 20 GDPR applies.
• Right to object; Art. 21 GDPR
  You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6 para. 1 GDPR. We will then no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.
• Right to lodge a complaint with a supervisory authority; Art. 77 GDPR
  You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data relating to you infringes data protection rules. You may lodge the complaint in the Member State of your habitual residence, place of work or place of the alleged infringement.