We welcome you to the website of Siewer Weizsäcker Rechtanwälte Partnerschaftgesellschaft mbB. Protecting the privacy of your data is important to us. Here we would like to provide you with information to the extend and for which purposes we collect and process your personal data via this website. The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy. If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens. Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Should you wish to view or update our data protection officer please contact us at: Name: Elizaveta Kislova E-Mail address: datenschutz@siewer.net Conventional post: Siewer Weizsäcker Rechtsanwälte (Potsdamer Str. 86 10785 Berlin)

1. The processing of personal data when providing legal services

1.1 The processing of personal data relating to clients Before drafting a contract, our potential clients are asked to fill out a special form (LINK) with the information needed exclusively for our services and a successful governmental authority application. Our law firm uses a web-based form tool to offer you a user-friendly form, which you fill out with the information necessary for your further application(s). The form is safe and secure to use and its Services are compliant with the GDPR. Any possible data leaks on behalf of the Service Provider will lead to criminal liability. The information that you decide to provide is voluntary, yet the form contains questions, answers to which are strictly necessary for the purposes of a successful application. The legal basis for this processing of data is Art. 6 (1), first sentence, (b) GDPR. The information provided will not be used for any other purposes and will not be shared with third parties who are not parties to a contract with our law firm and/or do not act in legitimate interest in performance of the contract. Categories of data you provide to us: Personal: name (with changes), date and place of birth, bank details, address, contact details, date and place of birth, gender, religious affiliation, marital status (with past marriages), citizenship(s) (with past ones), place(s) of residence, names of parents etc. Ancestral: name (with changes), date and place of birth, date of death, gender, religious affiliation, marital status (with past marriages), citizenship(s) (with past ones), place(s) of residence, persecution in Germany between the years 1933 and 1945 etc. Hereinafter, when we receive an instruction to act as attorneys, we collect and process the name, address and other contact information which was already given to us as well as information related to any facts provided by our clients, which could also contain personal data. During the course of working on client matters, further personal data could also be stored. Generally, all data, including personal data, is collected and processed by our law firm software for attorneys into electronic client and case files. The use of the software is GDPR-compliant and secure. The collection and further processing of this data is carried out for the purposes of establishing and performing the contract and to carry out pre-contractual steps at the request of the client, as well as for the purposes of billing the services provided. The legal basis for this processing of data is Art. 6 (1), first sentence, (b) GDPR.

1.1.2 The processing of personal data relating to third-parties In the course of providing its services, our law firm also processes personal data of third parties as well as shares such with them, e.g. contact persons in public authorities, courts and service providers, business contacts etc. This includes in particular contact data (names, addresses, telephone numbers and fax numbers, email addresses etc.) as well as information relating to client matters, which could also contain personal data. Some of this data is collected directly from the clients, some is collected by other means (e.g. arhival work), specifically for the purpose of providing legal advice and representation services to clients of our law firm, including the related correspondence and documentation, in particular Article 6 (1) s. 1 lit. f GDPR. To the extent that contractual agreements exist between the client and our law firm and the processing of personal data occurs in the performance of those agreements, the basis for that processing is Art. 6 (1) first sentence (b) GDPR.

1.1.3 Recipients of personal data In the course of the handling of client matters, personal data is sent to service providers who process that data for a specific purpose on behalf of our law firm within the meaning of Art. 28 GDPR on the basis of a contractual agreement for third party processing as per Art. 28 (3) GDPR. Primary examples of this are IT service providers, in particular in respect of the attorney software and technical infrastructure used. All service providers engaged by our law firm have signed a contractual agreement with Siewer Weizsäcker Rechtsanwälte in which they undertake to maintain confidentiality where they come into or could come into contact with information covered by a confidentiality undertaking. Depending on the type of client matter, personal data may also be transferred in the course of working on the matter to third parties who are not processors. This may include, in particular, recipients in the following categories: courts, authorities, bailiffs, correspondence attorneys and external counsels, translation providers, research providers, consulates, embassies etc. Such a transmission to third parties will only occur if and to the extent that the transmission is necessary for the performance of the contract of engagement (legal basis: Art. 6 (1) first sentence lit. b GDPR) or this is covered by the client’s consent (legal basis: Art. 6 (1) first sentence lit. a GDPR), or the transmission of data is required to preserve the legitimate interests of our law firm or a third party, in particular a client, and these are not overridden by the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data (legal basis: Art. 6 (1) first sentence lit. f GDPR).

2. Cookies: We do not use any cookies. This is why our website does not pop up a cookie banner.

3. Data storage timeframes: The mandatory retention period for files by attorneys at law and patent attorneys is currently six years, commencing upon expiry of the calendar year in which the concrete case ended; moreover, the general tax and/or commercial retention periods apply. Our law firm will store the personal data related to clients and client matters for at least the duration of these time limits. In addition, in individual cases, processes, on the basis of Art. 6 (1) first sentence lit. f GDPR, personal data related to clients and client matters also beyond these statutory retention periods, to the extent that this is appropriate and necessary, in particular in the case of open-ended client relationships, for the ongoing maintenance, monitoring, preservation and other legal interests. In this regard, in the case of open-ended client relationships, the data related to individual matters will not be deleted prior to the end of the client relationship to enable information from completed matters to be taken into acount in respect of the advice on current and future matters. Moreover, processing beyond the statutory data retention periods is carried out for the purpose of identifying and preventing so-called conflicts of interest when before working on new cases as well as for providing information to clients, including in relation to concluded matters. Contact data not related to a specific client and/or client matter, concerning, for example contact persons at service providers (e. g. research providers) is stored for as long as this is needed for the purposes described above.

4. Your rights and final information

a) You have the right to request confirmation from our law firm on whether personal data concerning you is processed. If this is the case, you have a statutory right of access to information regarding this personal data (Art. 15 GDPR in conjunction with Sec. 34 German Federal Data Protection Act (BDSG)).

b) You also have the right to request that inaccurate personal data be rectified and where applicable – taking into account the purposes of the processing – incomplete personal data be completed, including by means of a supplementary statement (Art. 16 GDPR). Moreover, in the cases laid out in Art. 17 GDPR, you have a right to request that personal data be deleted, provided no exception as per Art. 17 (3) GDPR applies, as well as that the processing be restricted in the cases laid out in Art. 18 (1) GDPR. There is also a right to have data portability ensured in the cases laid out in Art. 20 (1) GDPR.

c) If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our law firm is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

d) The right to object to processing on the basis of legitimate interests: To the extent the processing of data is based on Art. 6 (1) (f) GDPR (“legitimate interests”), you have the right, under Art. 21 GDPR, to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you. In the case of an objection, our law firm will no longer process the personal data, unless the processing serves the assertion, exercise or defence of legal claims or our law firm can prove necessary, legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject.

e) An automated decision-making does not take place.

f) We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. This Data Protection Policy was last updated on 27 June 2022 and may in future be modified according to changing circumstances, in particular to conform to amendments to legal requirements, the practice of public authorities or case law. The latest version can always bee read at https://www.siewer.net/datenschutz.