Data protection statement

I. What data will be processed by Gleiss Lutz when I visit its website?

When you visit the website of Gleiss Lutz, our servers will automatically store various data about your system, such as the type and version of your browser, your operating system, the website from which you arrive at the website of Gleiss Lutz, the pages of the website of Gleiss Lutz you access, the date and time of your access, your IP address, your Internet service provider, and other, similar data. Gleiss Lutz uses such data to be able to make the website accessible, to detect and resolve any technical problems, and to prevent and, if necessary, prosecute any misuse of the website of Gleiss Lutz. In addition, Gleiss Lutz uses these data in anonymous form, i.e. without the possibility of identifying the user, for statistical purposes and to improve the website. The legal basis for processing personal user data is Article 6 para. 1 subpara. 1 (f) GDPR.

II. How are cookies used?

Gleiss Lutz’s website uses cookies. Cookies are small text files that are stored on the hard drive of the user to exchange certain settings and data with the systems of Gleiss Lutz via the browser. A cookie generally contains the name of the domain from which the cookie data were sent, as well as information on the age of the cookie and an alphanumeric identifier. Information stored in cookies are not used to identify users and are not merged with any other stored personal data about users. 

Cookies can be blocked or restricted by changing the settings of your browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies for the Gleiss Lutz's website are blocked, then you may no longer be able to fully use all functions of the website.

Cookies are only stored and used to process personal data with your consent and for the purpose of gathering information on how you use our website in order to measure the reach and effectiveness of our services.

Gleiss Lutz uses functions of Google Analytics’ web analytics service. The provider is Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies. The information on the use of this website generated by the cookie is generally transmitted to a Google server in the U.S. and stored there.

Gleiss Lutz’s web pages use Google Analytics with the “anonymize IP” option. This means that your IP address collected by the Google Analytics cookie will be masked within Member States of the European Union or other signatory states to the Agreement on the European Economic Area before it is transferred to the United States. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and masked there. Google is certified under the EU-US Privacy Shield program. For further details, please see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active#other-covered-entities. We nevertheless draw your attention to the fact that your personal data are not protected in the U.S. in the same way as in the EU. Under certain circumstances, your access to effective legal protection may be restricted.

Google uses the information generated by the Google Analytics cookie on behalf of Gleiss Lutz, to analyse usage of the website, prepare reports about website activities, and provide additional services to Gleiss Lutz related to website use and internet use. The IP address transmitted by your browser in connection with Google Analytics will not be merged with any other data of Google. More detailed information about the terms of use and data privacy is available at http://www.google.com/Analytics/terms/de.html and http://www.google.com/intl/de/Analytics/privacyoverview.html. 

The legal basis for data processing and in particular transmission to the U.S. is Article 6 para. 1 subpara. 1 (a) GDPR. You may withdraw your consent at any time with effect for the future. 

You may also prevent Google from tracking and processing your personal data that are generated by the Google Analytic cookie about your use of the website by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). Note, however, that in such case, you may no longer be able to fully use all functions of the website. You may also prevent tracking by Google Analytics by accessing the following link. If you do so, an opt-out cookie will be placed that will prevent tracking of your data during future visits of the website of Gleiss Lutz: Deactivate Google Analytics. You may also block or restrict cookies by changing the settings of your browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies for the website of Gleiss Lutz are blocked, then you may no longer be able to fully use all functions of the website. If you want to accept cookies only from Gleiss Lutz, but not from service providers and partners of Gleiss Lutz, then you can select the browser setting "block cookies of third-party providers" (or comparable).

III. How will data that I enter into the contact form be processed?

The website of Gleiss Lutz allows you to contact Gleiss Lutz by using the contact form. To do so, you must provide your title (Mrs./Mr.), first name and last name, and email address, as well as the text of your inquiry and the purpose of your inquiry (career/media/events/general). In addition, you may provide your professional title, address, and telephone number, if you wish. Personal data transmitted to Gleiss Lutz in this connection will be used exclusively to process your inquiry. The legal basis for processing data is Article 6 para. 1 subpara. 1 (f) of the GDPR.

IV. What happens if I subscribe to a newsletter?

1. On the website of Gleiss Lutz you may subscribe to our newsletter. To do so, you must provide your e-mail address, first and last name, professional title, position in the company if applicable, the name of your company, and the topics on which you wish to receive information via the newsletter. Additional information may be provided on a voluntary basis. This information will be used exclusively to send out the newsletter and will not be transferred to any third parties. The legal basis for data processing is Article 6 para. 1 subpara. 1 (a) GDPR. You have the right to revoke your consent at any time, without thereby affecting the lawfulness of data processing that has occurred up until consent is revoked. If consent is revoked, then you will no longer receive the newsletter.

2. When you subscribe to our newsletter, your IP address and the date and time of subscription and e-mail verification will be collected. These data will be processed exclusively for the purpose of allowing us to reconstruct any possible misuse of your e-mail address. The legal basis for processing of the aforementioned data is Article 6 para. 1 subpara. 1 (f) of the GDPR.

3. Our newsletter contains a so-called “tracking pixel”. A tracking pixel is a miniature image file that is embedded in e-mails in HTML format. The embedded tracking pixel allows Gleiss Lutz to recognise whether and, if so, when you open the newsletter and on which of the links in the newsletter you click. Data collected via tracking pixels in our newsletters are stored and processed in anonymous form for statistical purposes to optimise distribution of our newsletter and to tailor the content of future newsletters even more to the interests of the recipient.

V. How is my data processed when I watch a video on the Gleiss Lutz website?

Gleiss Lutz uses a plugin from video service Vimeo.com, Inc., 330th West 34th Street, 5th Floor, New York, New York 10001, USA (“Vimeo”) to embed videos and make them available on its website.

Usage and log data, such as time and date of use, IP address, interaction and similar data are processed in order to provide the video. For more information on Vimeo’s data processing, visit https://vimeo.com/privacy.

Gleiss Lutz receives anonymised statistical data on the use of the embedded videos.

Gleiss Lutz may process personal data when you interact with an embedded video, for example if you leave comments. In this case, this information is transmitted by Vimeo to Gleiss Lutz.

The legal basis for processing personal data is Article 6 para. 1 subpara. 1 (f) GDPR. The legitimate interest is the provision of an appealing website including the embedded videos.

VI. How long will my personal data be stored for?

Personal data of visitors to our website will be erased if and when they are no longer necessary for the purposes described in this Data Privacy Policy, unless a longer storage period is required by applicable law. Data about your use of our website will generally be stored for a period of 30 days (section B.I). Cookies will generally be stored for the aforementioned purposes for a period of 30 days (section B.I). You can also independently delete the cookies at any time. Information you enter into the contact form will be erased as soon as your inquiry has been fully processed (section B.III.) Newsletter subscription data will be stored until you unsubscribe from the newsletter (section B.IV.). Gleiss Lutz does not generally store data in connection with the viewing of each video (B.V.) for longer than is necessary for the provision of that video. Please note that Vimeo may store the data for a longer period. For further information on Vimeo’s data processing, visit https://vimeo.com/privacy.

Gleiss Lutz will process personal data insofar as this is necessary for the establishment of client relationships and the handling of client matters.

I. Who are the data subjects?

Gleiss Lutz processes personal data of

• clients and their employees and board members (management board members, managing directors)

• third parties whose personal data are required for the establishment of the client relationship or the handling of the client matter. Such third parties include direct and indirect shareholders of the client, business and contractual partners as well as advisors of the client, (potential) opponents in a legal dispute and their legal advisors as well as in each case the employees and board members of the aforementioned persons and entities

• employees of authorities and courts

• witnesses and experts

II. What personal data will be processed?

Gleiss Lutz will process the following categories of personal data insofar as they are necessary for the establishment of a client relationship or the handling of a client matter:

• contact information, especially first name and last name, title if applicable, address, telephone number, e-mail address,

• information on occupation,

• information on income and financial circumstances

• other personal data that are necessary for the determination and legal assessment of the facts of the matter and the provision of appropriate legal advice and representation of the client in connection with the matter.

In individual cases, the data processed by Gleiss Lutz may also include special categories of personal data within the meaning of Art. 9 of the GDPR (e.g. data concerning health) and data on criminal convictions and offences within the meaning of Art. 10 of the GDPR.

III. Where do the data processed by Gleiss Lutz come from?

Gleiss Lutz receives personal data either directly from the data subjects (e.g. when corresponding with contact persons at the client and/or opposing party) or from the following sources:

• clients

• courts and authorities (e.g. when inspecting files and/or receiving information)

• other third parties (e.g. parties to the proceedings, witnesses etc.)

• publicly accessible sources (public registers, internet searches)

IV. For what purposes will the data be processed?

Gleiss Lutz will process data in connection with a client matter for the following purposes:

• to fulfil legal requirements (e.g. according to the Money Laundering Act) to identify the client and the beneficial owners associated with the client. The legal basis for this processing is Art. 6 para. 1 subpara. 1 (c) of the GDPR

• to check for possible conflicts of interest before accepting a matter

• to determine and legally assess the facts of the matter

• to provide legal advice and represent the client

• to correspond with clients, authorities, courts and other parties involved

• to issue invoices

• to process and assert other claims arising from the client relationship.

The legal basis for these processing activities is, insofar as personal data of the client is processed, Art. 6 para. 1 subpara. 1 (b) of the GDPR; otherwise, Art. 6 para. 1 subpara. 1 (f) of the GDPR applies. The legal basis for the processing of special categories of personal data is Art. 9 para. 2 (f) of the GDPR.

V. To whom is personal data transferred?

Insofar as this is necessary to work on a client matter, Gleiss Lutz will transfer personal data to the following recipients:

• clients

• authorities and courts

• other third parties. These include direct and indirect shareholders of the client, business and contractual partners as well as advisors of the client, (potential) opponents in a legal dispute and their legal advisors

In individual cases, data will also be transferred to recipients in third countries outside the European Union or the European Economic Area for which the European Commission has not formally established the existence of an adequate level of data protection in accordance with Art. 46 of the GDPR. Insofar as the transfer is not necessary for the establishment, exercise or defence of legal claims (Art. 49 para.1 subpara. 1 (e) of the GDPR) and there is no other reason for the transfer pursuant to Art. 49 para. 1 of the GDPR, appropriate safeguards for the protection of the personal data at the recipient are provided for, generally in the form of data protection agreements on the basis of so-called standard data protection clauses pursuant to Art. 46 para. 2 (c) of the GDPR. Further information on these safeguards can be obtained from Gleiss Lutz’s data protection officer at datenschutz@gleisslutz.com.

VI. How long will the personal data be stored?

Personal data will be stored for as long as it is necessary to process these for the purposes described in IV., unless statutory provisions prescribe a longer storage period.

Gleiss Lutz processes personal data in the course of its cooperation with service providers, suppliers and other business partners (together: “business partners”).

I. Who are the data subjects?

Gleiss Lutz processes personal data of its business partners and their employees.

II. What personal data will be processed?

Gleiss Lutz will process the following categories of personal data insofar as they are necessary to establish or implement its contractual relationships with the business partner:

• contact information, especially first name and last name, title if applicable, address, telephone number, e-mail address,

• information on occupation,

• bank account details

III. Where do the data processed by Gleiss Lutz come from?

If Gleiss Lutz does not receive personal data directly from the data subjects (e.g. when corresponding with contact persons at the business partner), the data usually come from the business partner as the employer of the data subject.

IV. For what purposes will the data be processed?

Gleiss Lutz will process the personal data referred to in II. in order to establish, implement and execute the contractual relationship with its business partner. The legal basis for these processing activities is, insofar as personal data of the business partner is processed, Art. 6 para. 1 subpara. 1 (b) of the GDPR; otherwise, Art. 6 para. 1 subpara. 1 (f) of the GDPR applies.

V. How long will the personal data be stored?

Personal data will be stored for as long as it is necessary to process these for the purposes described in IV., unless statutory provisions prescribe a longer storage period.

If you have consented to receive information about current legal developments and events of Gleiss Lutz, then we will use your contact information (title, first name and last name, professional title, business address and position, and email address) to send you requested information (generally by email). The legal basis for this processing is Art. 6 para. 1 subpara. 1 (a) of the GDPR. You may revoke your consent at any time with effect for the future. If you revoke your consent, we will no longer send you information and delete your contact information. The same applies, whether or not you revoke your consent, if we have had no contact with you for more than two years. Your contact information will not be deleted if we have a right or obligation to continue to store your information for other legal reasons (e.g., in connection with working on a client matter).

If we invite you to an event based on your consent, we will process the aforementioned data in order to provide you with a registration form that has already been filled out. If you register for the event, we will process your name as well as what company or entity you work for and in what position, so that we can provide you and the other attendees with a list of all those who will be attending. If the event is organized and/or held together with our European Network, your name, title/position and company affiliation may in particular be shared with and processed by our partner firms Chiomenti Law Firm (No. 43 XXIV Maggio, 00187 Rome), Cuatrecasas, Gonçalves Pereira, S.L.P. (Diagonal 191, 08018 Barcelona) and Gide Loyrette Nouel Law Firm, LLP (15 rue de Laborde, 75008 Paris) for the purposes of holding the event. The legal basis for this processing is Art. 6 para. 1 subpara. 1 (f) of the GDPR.

It is also possible that you are invited to a joint event as a contact of one of our partner firms and Gleiss Lutz carries out the invitation management for the event, i.e. in particular documents and manages acceptances and declinations. For this purpose, we collect your name, contact details, data on your company affiliation and your possible participation in the respective event from you, if you register via the online registration form provided by Gleiss Lutz after having been invited by a partner firm. If you accept or decline, possibly also updating your contact details, this will be managed by Gleiss Lutz and Gleiss Lutz may pass on your updated data to the partner firm that invited you to the event. If you do not react to the invitation, Gleiss Lutz will process no personal data about you in connection with the event. The legal basis for this processing activity is Article 6(1), first subparagraph, point (f) DS-GVO, as Gleiss Lutz and its partner law firms have a legitimate interest in the effective running of the event and in keeping the data you have provided to us up to date. This leaves untouched the sharing of names, job/position titles and company affiliation as described above.

This section contains information about how your personal data will be processed by Gleiss Lutz if you

• have applied for position at Gleiss Lutz on the career portal,

• have worked at Gleiss Lutz as an intern, research assistant, or articled clerk (Referendar),

• have applied for attendance of an event for lawyers-in-training or have attended such an event, or

• will attend or have attended an event for lawyers-in-training which is organized by a third party and at which Gleiss Lutz is present as an exhibitor.

I. What personal data will be processed?

1. Gleiss Lutz will process the following categories of personal data:

1.1 Contact information, in particular your first name and last name, your position if applicable, and your address, telephone number, and email address,

1.2 information about your qualifications, in particular your academic credentials and other information included in your curriculum vitae, including information about prizes, scholarships, and extracurricular activities, information about dissertation projects, information about your educational and professional experience, and copies of your academic transcripts and certificates,

1.3 any photographs that you may enclose with your application, and

1.4 information about any (planned or desired) future steps in your education or career and about your professional focuses and interests.

2. Generally, Gleiss Lutz will collect such data directly from you. In some cases, Gleiss Lutz will receive data about you from third parties who independently organize events for lawyers-in-training and to whom you have made your data available for sharing with potential employers. Depending on the event, such third parties may be universities, career portals (such as e-fellows.net), student organizations (such as ELSA), or trade fair organizers (such as myjobfair.de).

II. For what purposes and on what legal basis will my personal data be processed?

1. Users of our career portal

If you avail yourself of the opportunity to apply for a position at Gleiss Lutz online using our career portal, then Gleiss Lutz will process the data referenced in section D. I. above to the extent necessary for processing your application. The legal basis for such processing is § 26 of the Federal Data Protection Act in conjunction with Art. 88 of the GDPR.
If your application does not result in a job offer right away, then we would like to continue processing your data after the application process has been completed in order to notify you of future job openings and events at Gleiss Lutz that match your profile, and to send you information about current developments at Gleiss Lutz three to four times a year. We will process your data after the application process has been completed only with your express consent (Art. 6 para. 1 subpara. 1 (a) of the GDPR). You may revoke your consent at any time with effect for the future. Your refusal or revocation of consent will have no impact on the processing of your application. However, without your consent, we will unfortunately not be able to contact you with regard to future job openings or events or to send you information about current developments at Gleiss Lutz.

2. Former interns, research assistants, and articled clerks

We would like to stay in touch with lawyers-in-training who have worked for us even after they leave Gleiss Lutz. As a former intern, research assistant, or articled clerk, you may therefore become a member of our "Gleiss Lutz Fellows Club." Club members will receive information about job openings and invitations to events of Gleiss Lutz that match their profiles. In addition, they will receive information about current events at Gleiss Lutz by email three to four times a year.
We may process your personal data referenced in section D. I. for the aforementioned purposes after you have left our firm and may send you the aforementioned information, but only with your express consent (Art. 6 para. 1 subpara. 1 (a) of the GDPR). You may revoke your consent at any time with effect for the future. If you do so, however, we will unfortunately no longer be able to stay in touch with you.

3. Attendance at events for lawyers-in-training

If you apply for attendance of an event for lawyers-in-training which is organized by Gleiss Lutz or at which Gleiss Lutz is present as an exhibitor, then we will process your data referenced in section D. I. to hold the event and to facilitate your attendance. For events organized by Gleiss Lutz, we may also include your name and current professional position in an index of attendees that will be made available to other attendees of the event (possibly also in electronic form). The legal basis for such data processing is Art. 6 para. 1 subpara. 1 sent. 1 (b) of the GDPR.
Even after the events have ended, we would like to continue processing your data in order to send you information about future job openings and events at Gleiss Lutz that match your profile and would like to send you information about current developments at Gleiss Lutz once or twice a year. We will process your personal data for this purpose only with your express consent (Art. 6 para. 1 sentence 1 (a) of the GDPR). You may revoke your consent at any time with effect for the future. If you do so, however, we will unfortunately no longer be able to stay in touch with you.

III. How long will my personal data be stored?

1. If an application does not result in employment at Gleiss Lutz, personal data collected on the career portal or otherwise for purposes of a job application will be further processed for evidentiary purposes for a maximum time period of three years after the application process has ended and thereafter will be erased or rendered anonymous.

2. Personal data of attendees of events for lawyers-in-training will be erased or rendered anonymous within 3 months following the end of the event, unless you consent to further processing of such data (see section 3 below).

3. If you have consented to the processing of your personal data so we can stay in touch with you and send you information, then your personal data that are stored for these purposes will be erased after a maximum time period of five years.

Gleiss Lutz processes personal data to the extent necessary for communication and cooperation with you via Microsoft Teams.

Gleiss Lutz personal data of

• you as the person communicating or cooperating with us via Microsoft Teams,
• other persons who are the object of such communication or cooperation, for example your employees, colleagues, advisors.

Gleiss Lutz processes the following categories of personal data to the necessary extent:

• information you have entered into your own Microsoft Teams account,
• technical data necessary for operation of the Microsoft Teams functions, in particular IP address, time and duration of usage, protocol and other usage data,
• audio- and/or video data of participants in audio-/video conferences,
• contact information, in particular first and last name, title if applicable, address, phone number, e-mail address,
• information on business or professional activity,
• other information in connection with the communication or cooperation.

The purpose and legal basis for the processing of personal data generally derives from the background of the respective communication or cooperation. Such backgrounds and the respective legal bases are described in sections B to G of these data protection information. Otherwise, the legal basis is Article 6(1)(f) GDPR.

For the technical operation of the Microsoft Teams features, we transfer the abovementioned data to Microsoft. In this regard, Microsoft is subject to strict duties of confidentiality and will process the data only on behalf and in accordance with the instructions of Gleiss Lutz. In connection with this, the abovementioned data may be transferred to countries outside the EU/EEA, in particular the USA. To ensure the adequate protection of the data there, we have concluded standard contractual clauses adopted by the European Commission and also agreed on supplemental measures. We are happy to provide you with a copy of these clauses on request.

Audio- and video data collected during an audio-/video conference or a screen sharing session will be processed only for the duration of the conference or session and will be deleted immediately after. Records to be stored further will not be created without your separate and express consent.

Communication via text and data in connection with cooperation on a co-working platform will be stored as long as necessary given its background (see in particular section C. of this data protection information). Otherwise, they will be deleted or anonymized as soon as they are no longer necessary, unless further storage is allowed or required by law.

Gleiss Lutz processes personal data to the extent necessary for the processing of applications in connection with the Gleiss Lutz Start-up Program, to decide on the application.

Gleiss Lutz processes personal data of

• the applicant,
• if necessary, to the extent relevant for the business case of the start-up and provided by the applicant, owners, shareholders, employees, members of corporate organs, investors, creditors, debtors, suppliers, customers and/or advisors of the start-up (or, as applicable, their employees and/or members of corporate organs) which is subject of the application, as well as of
• other relevant persons in connection with the start-up, if necessary.

Gleiss Lutz processes the following categories of personal data to the necessary extent:

• contact information, in particular first and last name, title if applicable, address, phone number, e-mail-address,
• information on business or professional activity,
• information on income and/or assets,
• information on qualification, curriculum vitae and/or particular skills or attributes,
• other information in connection with the business case of the start-up.

To the extent Gleiss Lutz does not receive personal data directly from the data subjects (e.g. in the course of correspondence with contacts at the start-up), the data are collected from the start-up or the applicant.

The legal basis for the processing of these personal data is, in general, Article 6(1)(f) GDPR. In individual cases in which a natural person applies as a sole businessman, the legal basis is Article 6(1)(b) GDPR.

If the application is successful and, in consequence, a client relationship is established, the abovementioned personal data will potentially be processed further in connection with such relationship (see section C.). If the application is not successful the data will be erased without undue delay.

For business development purposes, Gleiss Lutz conducts research into companies that it may potentially wish to work with, be it as clients, suppliers or other business partners. To this end Gleiss Lutz processes, to the extent necessary, personal data of owners, officers or employees of these companies.

I. What personal data is processed?

Gleiss Lutz processes the following categories of personal data where necessary for the above purpose:

• contact information, in particular first and last name, title where applicable, business address, business phone number, business e-mail address; and
• information about professional activity, in particular length of service and position held.

II. What sources does Gleiss Lutz use to obtain the data it processes?

Where the personal data is not obtained directly from the data subjects, Gleiss Lutz uses the following sources:

• the companies, especially their websites;
• publicly available professional/business databases, e.g. Mergermarket, Lexisnexis, Debtwire and the Federal Gazette (Bundesanzeiger);
• publicly available professional/business social networks, e.g. LinkedIn;
• publicly available press products, especially online, e.g. Handelsblatt, Financial Times;
• partner law firms; and
• publicly available lists of event attendees. 

III. What is the legal basis for the data processing?

As a general principle, Gleiss Lutz processes the personal data on the basis of its legitimate interest in optimising its business activities (Article 6(1)(f) GDPR). Data subjects will only be contacted by e-mail or telephone if they have given their consent (Article 6(1)(a) GDPR).

IV. Who will the personal data be transferred to?

The personal data will not be transferred to other data controllers.

Gleiss Lutz uses the services of external service providers for certain technical data processing procedures, and they are given access to your personal data in order to provide these services. These service providers are carefully selected and meet high data protection and data security standards. They are obliged to maintain strict confidentiality and process data only on behalf of Gleiss Lutz and in accordance with its instructions.

V. How long will the personal data be stored for?

Except where legislation stipulates a longer storage period, personal data is stored for as long as is necessary in order to process it for the above purpose. It will be deleted after 2 years at the latest if it has not been used for the above purpose by then.
 

In the context of certain client matters, Gleiss Lutz provides the CCP in order to be able to communicate, exchange data and collaborate with clients in a secure manner. In order to provide the CCP and ensure its security, Gleiss Lutz processes personal data of individuals who access and use the CCP.

I. What personal data are processed?

Gleiss Lutz processes the following categories of personal data where necessary for the above purpose:

• Contact information, in particular first and last name, title where applicable, business e-mail address, user account where applicable;
• Information about professional activity, in particular length of service and position held;
• technical data on access to and use of the CCP, in particular IP address, user name, password, date/time of access, duration of use, usage events, history of use, authorship of documents/actions; authentication method, authorisation level to view certain files.

II. Where do the data processed by Gleiss Lutz come from?

Where Gleiss Lutz has not obtained the personal data directly from the data subjects, the data come from the respective client to which the data subject belongs or which the data subject is advising.

III. What is the legal basis for the data processing?

As a general principle, Gleiss Lutz processes the personal data on the basis of its legitimate interest in providing the CCP in accordance with the relevant legal requirements and the needs of the client (Article 6(1)(f) GDPR). Should the data subject be the client himself/herself, the legal basis is Article 6(1)(b) GDPR. 

IV. Who will the personal data be transferred to?

The personal data processed for the purposes of the CCP may, depending of the needs of a client, be disclosed to the client, companies affiliated with the client or other advisors of the client to the extent this is necessary for the provision and/or use of the CCP for working on client matters.

Furthermore, such personal data will only be transferred to third parties insofar as this is necessary to work on the respective client matter (cf. section C above), satisfy legal obligations or assert, defend or exercise legal claims.

For certain technical data processing tasks, Gleiss Lutz is assisted by third-party service providers who will receive access to your personal data to provide such services. Those service providers have been carefully selected and meet high data privacy and data security standards. They are obliged to maintain strict confidentiality and process data only on behalf and in accordance with the instructions of Gleiss Lutz.

V. How long will the personal data be stored for?

Except where legislation stipulates a longer storage period, personal data is stored for as long as is necessary in order to process it for the above purpose.
 

1. For certain technical data processing tasks, Gleiss Lutz is assisted by third-party service providers who will receive access to your personal data to provide such services. Those service providers have been carefully selected and meet high data privacy and data security standards. They are subject to strict duties of confidentiality and process data only on behalf and in accordance with the instructions of Gleiss Lutz.

2. Gleiss Lutz works with companies and other entities with particular expertise in individual areas or certain specialised subjects (e.g. tax auditors, lawyers, consulting firms, logistics service providers). These are either subject to a duty of professional confidentiality or have been obliged by Gleiss Lutz to maintain confidentiality. Should it be necessary to forward personal data to them, the legal basis for this is Art. 6 para. 1 sent. 1 (b) or (f) of the GDPR, depending on what the respective cooperation involves.

3. Except as stated in this Data Privacy Policy, Gleiss Lutz will not transfer your data to any third parties without your express consent, unless Gleiss Lutz is required to do so by law, regulatory directive, or court order.