We, Scheja & Partners GmbH & Co. KG, appreciate your interest in doing business with our law firm. Your privacy is our top priority. We take the protection of your personal data and its confidential treatment very seriously. Below, we provide information about how we process your personal data in the context of our business relationship with you or your employer and about your data protection rights. 

The controller responsible for data processing is: 

Scheja & Partners GmbH & Co. KG (hereinafter referred to as “we”)
Adenauerallee 136
D-53113 Bonn
T.: +49 228-227 226-0
Email: Encrypted contact form

You can contact our Data Protection Officer as follows:

Scheja & Partners GmbH & Co. KG
Datenschutzbeauftragter
Adenauerallee 136
D-53113 Bonn
Email: Encrypted contact form

Within the scope of our business relationship with you or your employer, we only process personal data relating to you that is relevant to the business relationship. This may include the following: :

Contact details: first name and last name, email address, and, if applicable, address and telephone numbers 

Data relating to the business relationship: content of inquiries, offers, and invoices, communication within the scope of the business relationship, documents 

Contract data: Service and product descriptions, contract documents 

Web meeting data: Data related to web meetings, such as user data, audio and video data, contributions, and content shared by you during the web meeting. 

a. Preparation and performance of our business relationship
We process your personal data for the preparation and execution of the business relationship. The scope of data processing and the specific purposes depend on the respective contract. 

Data processing is carried out on the basis of Article 6 para. 1 b) GDPR, provided that a business relationship with you personally exists or is to be entered into. If, on the other hand, you are acting on behalf of a third party, in particular your employer, data processing is carried out on the basis of Article 6 para. 1 f) GDPR, provided that this is compatible with your fundamental rights and freedoms. 

b. Compliance with legal obligations 
We also process personal data to comply with legal obligations to which we are subject. These may arise, for example, from commercial, tax, money laundering, financial, or criminal law. The purposes of the processing are determined by the respective legal obligation; in these cases, the processing generally serves the purpose of complying with state control and information obligations. 

Data processing is carried out on the basis of Article 6 para. 1 c) GDPR. 

c. Conducting web meetings
When conducting video and audio conferences, we only process data to ensure that the web meeting runs smoothly. We conduct web meetings within the framework of a contractual relationship or contract initiation with you (Article 6 para. 1 b) GDPR), within the framework of a business relationship with the company for which you work (Article 6 para. 1 f) GDPR – in the interests of carrying out joint projects and other business relationships) or if you have given us your informed consent in individual cases (Article 6 para. 1 a) GDPR). 

If we use Microsoft services to participate in web meetings, Microsoft is responsible for data processing. With regard to the processing of personal data by Microsoft, we refer to their privacy policy: https://privacy.microsoft.com/de-de/privacystatement. 

You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the preparation and performance of a business relationship. If you do not provide us with this personal data, we may not be able to enter into a business relationship with you. 

In addition to direct collection, we may also collect personal data from other business partners, other companies/agencies, and, if applicable, your employer in the course of preparing and performing our business relationship. 

Only those persons who need your personal data for the purposes specified in section 4 have access to it. We only pass on your personal data to external recipients if this is necessary for the performance of our business relationship or if there is another legal permission to do so. 

External recipients may include: 

Processors: Service providers that we use to provide services, for example in the areas of technical infrastructure and maintenance of our IT systems. 

Public authorities: Authorities and government institutions to which we are required to transfer personal data for legally binding reasons. 

Private entities: Private entities to whom we transfer your personal data on the basis of a legal provision, for example, lawyers, tax advisors, and other companies or entities that are contacted for the preparation and performance of the business relationship. In the case of web meetings, the providers of such services and participants in the meetings may also be recipients. 

We use service providers whose headquarters are not located in the European Union or the European Economic Area for IT services and IT infrastructure. In doing so, we ensure, except in cases where exceptions are permitted by law, that the recipient has an adequate level of data protection or that appropriate safeguards are in place before the transfer takes place. You can request an overview of the recipients in third countries and a copy of the appropriate or adequate safeguards. Please use the information provided in section 1 for this purpose. 

The personal data collected by us for the business relationship will be deleted after expiry of the statutory retention period, unless we are obliged to store it for longer due to statutory documentation obligations. In this case, we will delete your personal data after the statutory obligation has expired. 

As a data subject, you have the following rights under the GDPR, provided that the respective legal requirements are met: 

Right of access: You have the right to obtain information about the data we process about you. 

Right to rectification: You can request the rectification of inaccurate data concerning you. In addition, you can request the completion of incomplete data. 

Right to erasure: In certain cases, you can request the deletion of your personal data. 

Right to restriction of processing: In certain cases, you may request that we restrict the processing of your data. 

Right to data portability: If you have provided us with data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, commonly used and machine-readable format or that we transfer it to another controller. 

Right to object 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6 para. 1 f) GDPR. We will then no longer process this personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 

Exercising your rights: To exercise any of your rights mentioned above, please contact us using the contact details provided in section 1. Please ensure that we are able to clearly identify you. 

Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you is unlawful. 

Automated individual decision-making, including profiling within the meaning of Article 22 GDPR, does not take place in connection with our business relationship.