This Policy is addressed to visitors of our website www.nikolgoetz.com (the “Website”) and other individuals outside Nikol & Goetz with whom we communicate with or have a business relationship. This includes in particular:
Nikol & Goetz is the controller of the personal data processed in accordance with this Policy, unless expressly stated otherwise.
Nikol & Goetz Partnerschaft von Rechtsanwälten mbB, Konrad-Goldmann-Str. 5a, 79100 Freiburg, Germany, email: firstname.lastname@example.org.
Further information about Nikol & Goetz can be found in our Legal Information section.
The kinds of personal data that we process may fall under any of the categories set out below (the “Data Categories”) and is subject to the type of business relationship between you and us.
The personal that we process may originate from any of the following sources:
We may process the personal data of our (potential) clients to whom we provide our services or to whom we are in communication with about our services. This would very often also include the processing of personal data of the (potential) clients’ employees, representatives, advisors or of the clients’ counterparties (e.g., as part of court proceedings or contract negotiations) and their employees and representatives. In the table below, we have set out the purposes of the relevant processing activities, the relevant Data Categories, and the legal basis for each processing activity.
We may process the personal data of our other (potential) business partners and their employees and staff members. This includes third parties that provide services to us. In the table below, we have set out the purposes of the relevant processing activities, the relevant Data Categories, and the legal basis for each processing activity.
We may process the personal data of participants in our events (e.g., workshops or seminars). The events are mostly offered for or conducted by our clients. However, from time to time, other persons may be permitted to register for and participate in an event. In the table below, we have set out the purposes of the relevant processing activities, the relevant Data Categories, and the legal basis for each processing activity.
We may process the personal data of individuals that apply for a job or internship with us (e.g., interns, trainees, or lawyers). In the table below, we have set out the purposes of the relevant processing activities, the relevant Data Categories, and the legal basis for each processing activity.
We may process the personal data of individuals visiting our premises. In the table below, we have set out the purposes of the relevant processing activities, the relevant Data Categories, and the legal basis for each processing activity.
When you visit our Website, certain Usage Data will automatically be processed.
“Cookies” are small text files that may be transferred to your device (e.g. computer, smartphone) when you visit a website by means of your web browser or other programmes. These are stored locally on your end device and kept ready for later retrieval.
More information on how to manage cookies in your internet browser is available from the following links for the most commonly used internet browsers:
Unless you have different settings, cookies that enable and ensure the technical operation of our Website remain on your device for a maximum of one day, but most cookies only remain until you close the browser.
In some case, we may transfer your personal data to third parties. This will be done solely in connection with the purposes of processing as set out above and always in compliance with our professional duties. The possible recipients of your personal data include the following companies, institutions, or persons:
For the purposes of processing your personal data as set out in this Policy, we may need to transfer your data to other third parties as noted in section 10 above. For this reason, the data may have to be transferred to a recipient in a country that is neither a Member State of the European Union nor a member of the European Economic Area (“Third Country”). For some Third Countries, the European Commission has determined that they provide an adequate level of protection for personal data (e.g., Switzerland, Canada, Argentina) (“Adequate Jurisdiction”). Where we transfer personal data to a recipient that is located in a Third Country that has not been determined to be an Adequate Jurisdiction, we do so on the basis of Standard Contractual Clauses as adopted by the European Commission. You can contact us at email@example.com to request copies of the relevant Standard Contractual Clauses.
We will only process your personal data for as long as it is necessary for the purposes set out in this Policy or as required by applicable law. When determining the retention period, we take into account the purposes for which we process the relevant personal data and whether such purposes can be achieved without the data, the categories of the relevant data, risks in the event of a data breach and legal obligations that require us to retain the data. For example, personal data that relates to your enquiries or orders are usually retained for six years as a “business letter” (sec. 257(4) HGB, Art. 6(1)(c) GDPR) or ten years as a “commercial letter” (sec. 147(3) AO, Art. 6(1)(c) GDPR).
Generally, you have the right not to provide us with your personal data. However, in some cases, we have a legal obligation to process your personal data (e.g., for the purpose of running conflict checks) or we require your personal data to be able to respond to your enquiries or to provide our services. In a relationship between us as your legal advisor and you as our client, such mandatory data includes at the minimum, your name, your address, and the content of your enquiry. Without the provision of this mandatory data, we will not be able to process your enquiries or perform our services.
If you have any questions about our processing of your personal data, we are of course happy to provide you with the information about the personal data concerning you and the related processing activities (Art. 15 GDPR). Subject to the legal requirements being met, you also have a right to obtain: (i) rectification of your personal data (Art. 16 GDPR); (ii) erasure of your personal data (Art. 17 GDPR); and (iii) restriction of processing of your personal data (Art. 18 GDPR). You also have a right to data portability (Art. 20 GDPR) and a right to lodge a complaint with a data protection authority (Art. 77 GDPR, sec. 19 BDSG). Where we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time (Art. 7(3) GDPR).
Your right to object: Where we process your personal data on the basis of Art. 6(1)(f) GDPR, you have the rights to object to such processing at any time on grounds relating to your particular situation (Art. 21(1) GDPR). Furthermore, where we process your personal data for direct marketing purposes, you have a right to object to such processing at any time (Art. 21(2) GDPR).
BDSG“ means the German Federal Data Protection Act (Bundesdatenschutzgesetz der Bundesrepublik Deutschland).
“controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“GDPR“ means Regulation (EU) 2016/679 (General Data Protection Regulation).
“personal data“ means any information relating to an identified or identifiable natural person.
“processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.