Privacy Policy - Galen Lawyers Berlin | Criminal Law & Compliance

General information about the processing of personal data by the law firm Galen Rechtsanwälte

This privacy policy applies to data processing by the law firm Galen Rechtsanwälte GbR (hereinafter referred to as "Galen Rechtsanwälte" or the "Firm"). The Firm is also responsible for processing your personal data. The Firm is represented by Dr. Margarete Gräfin von Galen and Kilian Schaefer.

These notices are addressed to any natural person, such as clients, and, in the case of legal entities, to the clients' representatives, contacts or employees, as well as to opposing parties, parties to proceedings, whistleblowers, courts, authorities or other business partners with whom Galen Rechtsanwälte has a (including prospective) client, business or other communication relationship.

Galen Rechtsanwälte processes personal data only to the extent permitted by law, in particular the EU General Data Protection Regulation („GDPR”) and the Federal Data Protection Act („BDSG“).

If you have any questions about these guidelines or about how Galen Rechtsanwälte handles your personal data, you can contact the firm's data protection officer at any time by email at datenschutz@galen.de and can be reached by mail at the following address:

Galen Lawyers GbR
Data Protection Officer
Mommsenstrasse 45
10629 Berlin

1. Type and origin of the processed data

Depending on the client or business relationship, different types of personal data are processed. These typically include:

Identity data (e.g. name, date of birth, data contained in identity cards and other identification documents);
Contact details (e.g. address, email, telephone number) and
Mandate data (e.g. information that
- typically contained in legal documents such as contracts or pleadings and/or public registers, e.g. land register, commercial register and association registers,
- The subject of the correspondence with our clients, opposing parties, parties to proceedings, courts, authorities or other business partners was, or
- This may involve legal relationships with the client's employer or third parties, such as personal data, file numbers or loan or account numbers at credit institutions.
If this is the subject of our consultation, we also process special categories of personal data, e.g. health data (Art. 9 para. 1 GDPR) or data relating to criminal convictions and offenses or related security measures (Art. 10 GDPR).
Other communication data (e.g. data that is the subject of our correspondence and communication (oral/written, electronic (e-mail / chat))).

Unless you have provided us with your personal data yourself, we have obtained it from police, prosecutorial or court files, from our clients, business partners, service providers or cooperation partners for whom you may be acting as a representative or employee, or obtained the data from other sources such as whistleblowers or company websites or industry directories.

2. Purpose and legal basis of data processing

We process personal data to the extent necessary to protect the legitimate interests of Galen Rechtsanwälte (Art. 6 para. 1 lit. f GDPR), in particular:

for the conclusion or execution of mandate agreements, contracts and other business relationships (including the processing of purchase agreements, deliveries or payments) or for the preparation or response to requests for quotation and for determining the terms of the contractual relationship with our clients, business partners, service providers or cooperation partners, for whom you may act as a representative or employee;
for internal administrative purposes of the law firm (e.g. for accounting, address management);
possibly for conducting anti-terrorism and sanctions list screenings;
for conducting court and administrative proceedings and/or for the purpose of asserting/exercising and defending against legal claims at home and abroad, including for exercising professional privileges and ensuring other special confidentiality rights;
for other communication purposes;
to ensure the IT security and IT operations of our law firm;
for the use of service providers (e.g. external IT service providers) who support our business processes;
to prevent criminal offenses and, in individual cases, to accompany compliance investigations and the associated (also electronic) review of correspondence and documents;

Furthermore, personal data is processed for the performance of contracts with or orders from individuals (natural persons) with whom we have business relationships (Art. 6 para. 1 lit. b GDPR).

If you do not provide us with your personal data, we will not be able to carry out the contractual relationship or fulfill the aforementioned communication purposes.

Furthermore, data processing is partly required by law (Art. 6 para. 1 lit. c) GDPR). According to § 50 BRAO, we are professionally obligated to maintain legal files and may use electronic data processing for this purpose.

3. Disclosure of personal data

We only transfer your personal data to third parties on the basis of legal regulations or if you have given your consent in individual cases.

Your personal data may be transferred to external service providers within and outside the European Economic Area (EEA) to the extent necessary for the purposes mentioned above. In the course of our operations, we also use cloud-based IT solutions from third-party providers (e.g., Microsoft Office 365). In particular, we use (cloud-based) services for document management, collaboration, and the automation or analysis of documents, as well as external (cloud) mail server providers.

We carefully select our service providers and commission them in compliance with data protection and professional regulations.

As part of normal law firm procedures and for the purposes mentioned above, we may also share your data with other third parties within and outside the EEA, such as business partners or law firms with whom we cooperate in the context of a mandate, translators, opposing parties and other third parties.

Furthermore, where legally permissible, we may transfer your personal data to authorities (e.g., social security institutions, tax authorities, or law enforcement agencies), public registers, and courts in Germany and abroad to fulfill legal obligations or with your consent in individual cases. This may also include foreign authorities and courts.

4. Transfers to third countries

As a law firm that also deals with cross-border matters, we share the data we process with recipients (service providers or other third parties) who may be located in countries outside the EEA. If these countries do not have a level of legal protection comparable to European data protection law, we will take measures to ensure adequate protection of your personal data in these countries if we transfer it there. In particular, we use the standard contractual clauses published by the European Commission for this purpose.

5. Protection of personal data

Every one of our employees, as well as all employees of external service providers who have access to personal data, is obligated to treat this data confidentially and protect it accordingly. Furthermore, we have implemented various technical and organizational measures to ensure the secure processing of the data.

However, email communication in particular carries risks such as delayed or failed delivery, transmission to persons other than the intended recipient, data loss or corruption, interception, alteration, or other manipulation by third parties. Furthermore, despite the anti-virus software we use, viruses and similar malware can still be transmitted via email. Mobile telecommunications and other internet-based communication, such as video conferencing, pose comparable risks, especially regarding unauthorized access by third parties.

With regard to the use of cloud-based IT applications, it cannot be ruled out that third parties (especially US authorities) may openly or covertly access data. Even with due diligence and adherence to current technical standards, data loss or corruption cannot be excluded in cloud-based services.

6. Deletion of personal data

We delete personal data after the termination of the client or contractual relationship or our contact, if storage is no longer necessary for the fulfillment of our (post-)contractual obligations or the legitimate interests stated in this privacy policy, and if no statutory retention obligations exist. If statutory retention obligations exist, we restrict the processing of the data.

7. Rights of data subjects

Under the legal conditions, the existence of which must be checked in each individual case, you have the right to receive information about your personal data and to request the correction or deletion of your personal data or the restriction of processing and to receive your personal data in a structured, commonly used and machine-readable format (data portability).

Under the legal conditions, the existence of which must be examined in each individual case, you also have the right to object to the processing of your personal data.

Insofar as we process your personal data to inform you about our consulting activities and current developments to the extent relevant to your business, you can object to the processing of your personal data at any time without giving reasons.

Furthermore, you have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data. The supervisory authority for our law firm's registered office is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

8. Updates and changes to this privacy policy

This information notice is currently valid and was last updated in July 2022. Changes to our activities and/or services, or changes in legal or regulatory requirements, may necessitate amendments to this information notice. The current privacy policy can be accessed and printed at any time on our website at www.galen.de/datenschutz.

Information on the processing of personal data on the Galen Lawyers website

The entity responsible for data processing on this website is:
Law firm Galen Rechtsanwälte GbR
Mommsenstrasse 45
10629 Berlin
Telephone: +49 (0) 30 31 01 82 – 0
Fax: +49 (0) 30 31 01 82 – 20
E-mail: info@galen.de

1. Collection and storage of personal data and the nature and purpose of its use when visiting our website

When you access our website www.galen.de, your browser automatically sends information to our website's server. This information is temporarily stored in a log file. The following information is collected automatically and stored until it is automatically deleted:

IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the aforementioned data for the following purposes:

Ensuring a smooth connection to the website,
Ensuring a comfortable user experience on our website,
Evaluation of system security and stability as well as
for other administrative purposes.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection listed above. Under no circumstances will we use the collected data to draw conclusions about your identity.

2. Making contact

When you contact us (for example by email), your information will be stored for the purpose of processing your request and in case of follow-up questions.

3. Data transfer

Your personal data will not be transmitted to third parties for purposes other than those listed below. We only share your personal data with third parties if:

You have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the transfer is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred,
in the event that there is a legal obligation to disclose the data pursuant to Article 6(1)(c) GDPR, as well as
This is legally permissible and necessary for the performance of a contract with you in accordance with Article 6(1)(b) GDPR.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie's consent technology to obtain your consent to the storage of certain cookies in your browser or the use of certain technologies, and to document this in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you visit our website, a Borlabs cookie is stored in your browser, which saves your consent preferences or any revocations of consent. This data is not shared with the provider of Borlabs Cookie.

The collected data will be stored until you request its deletion, delete the Borlabs Cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details on Borlabs Cookie's data processing can be found at [link to Borlabs Cookie policy]. https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The Borlabs Cookie Consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

4. Analysis or tracking tools and cookies

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking and analytics tools and other technologies into our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on their website. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is aggregated into a user ID and assigned to the respective device of the website visitor.

Furthermore, we can use Google Analytics to record your mouse movements, scrolling, and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

Google Analytics IP anonymization is activated. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Order processing

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether a user has performed certain actions. For example, we can analyze which buttons on our website are clicked most frequently and which products are viewed or purchased most often. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. This consent can be revoked at any time.

For more information about Google Conversion Tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=de.

5. Social Media Plug-ins

We do not use any social media plugins on our website.

6. Google Maps

To help you plan your journey to us, you will also find a link to Google Maps. By using Google Maps, information about your use of our website, including your IP address, will be transmitted to and stored on a Google server. The Google Maps Terms of Service and Privacy Policy apply to the use of Google Maps. You can find these at the following links: https://www.google.com/intl/de_de/help/terms_maps.html, https://policies.google.com/privacy?hl=de

7. Rights of data subjects

You have the right:

In accordance with Article 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected by us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.;
In accordance with Article 16 GDPR, you have the right to request the immediate rectification of inaccurate or incomplete personal data concerning you that we hold;
In accordance with Article 17 GDPR, you have the right to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
In accordance with Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
In accordance with Article 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
In accordance with Article 7(3) of the GDPR, you have the right to withdraw your consent at any time. This means that we will no longer be permitted to process your data based on this consent in the future.
According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. Generally, you can contact the supervisory authority of your habitual residence, your place of work, or our firm's registered office. The supervisory authority for our firm's registered office is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.

8. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided there are grounds relating to your particular situation. If you wish to exercise your right to withdraw consent or object, simply send an email to datenschutz@galen.de.

9. Data security

We employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Please note that data transmission over the internet (e.g., communication via email) can have security vulnerabilities. Complete protection of data against access by third parties or other risks is not possible despite appropriate precautions.

10. Updates and changes to this privacy policy

This privacy policy is currently valid and was last updated in July 2022. Due to the ongoing development of our website and related services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on our website at www.galen.de/datenschutz.