1. Preliminary remarks
In this Data Protection Statement, we wish to inform you about the way your personal data are handled by the law firm of Lean Group. The Data Protection Statement serves to inform you about the collection and use of your data while visiting our website and using the services offered there, as well as about the handling of your personal data as part of the mandate conferred on us, in particular about your rights in terms of data protection law.
When processing your personal data, we naturally comply with the applicable data protection provisions, in particular the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).
We are very much aware that the protection of your privacy is an important concern in connection with the mandate conferred on us or when you visit our website. We are very committed to your concerns. For this reason, we wish to inform you about which data concerning you we save, when we save them, and how we use them. With this Data Protection Statement, we not only want to comply with our legal obligations, but also inform you about our data protection measures. You can also contact our Data Protection Officer named below at any time.
The General Data Protection Regulation protects personal data. Pursuant to Article 4(1) GDPR, this means any information relating to an identified or identifiable natural person, such as name, address or date of birth, and telephone number or IP address.
2. Controller / Contact with Data Protection Officer
Lean Group GmbH, Taunustor 1, 60310 Frankfurt, Email: firstname.lastname@example.org
When you contact us by visiting our website, or by telephone, email or contact form, the information you provide will be saved by us pursuant to point (a) of Article 6(1) GDPR to allow us to process your request and any follow-up correspondence with you.
The contact with us will be recorded to be able to show that the contact was established in accordance with the legal requirements of the GDPR. Pursuant to point (f) of Article 6(1) GDPR, every time you visit our website general data and information are automatically collected and saved temporarily in a ‘log file’. The following information is collected automatically, i.e. without your intervention, and saved until it is automatically erased:
The collection and storage of these data is necessary to ensure a smooth connection to and convenient use of the website. In addition, these data are used to ensure the security of our IT systems to detect and resolve any technical problems that may occur, and to prevent or prosecute the abuse of or other unlawful activity on our website. Data are also collected and stored if we are legally obliged to do so, e.g. based on administrative or judicial directives, as well as to safeguard our rights and claims, and for legal defence.
We only use your personal usage data as part of our mandate and will potentially only merge them with other information if you have previously conferred a mandate on us. The legal foundation for the processing of the data is points (b) to (f) of Article 6(1) GDPR. The legitimate interest is derived from the purposes stated above.
4. Purpose and legal basis of data processing
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), professional codes of practice in relation to data privacy, as well as all other relevant laws. Data are processed pursuant to point (b) of Article 6(1) GDPR for the purposes stated there, in this case for the proper processing of your mandate and for the mutual performance of obligations under the mandate agreement, as well as for the execution of precontractual measures.
We will only collect and use personal data obtained from you if they are necessary for the assertion and defence of your rights as part of the mandate conferred on us. The data are collected only for the purpose of providing appropriate legal advice to you and representing you in legal issues. We also process your data to pursue our legitimate interests or those of third parties, in particular to establish any claims against you (point (f) of Article 6(1) GDPR). Moreover, we process your personal data to comply with statutory obligations pursuant to point (c) of Article 6(1) GDPR (e.g. commercial or fiscal duties of retention or our advisory obligation). The mandate agreement cannot be concluded and/or performed without processing your personal data.
5. Disclosure of your personal data to third parties:
When we disclose your personal data to third parties, we always seek to ensure the highest possible security level. Your personal data are transmitted to third parties only in the cases listed below, for example if
In the operation and optimisation of our website, we employ service providers, e.g. in connection with the central IT infrastructure or for the hosting of our website. We have entered into agreements with the service providers concerned for the processing of data on our behalf pursuant to Article 28 GDPR. These processors may use the data made available by us only in accordance with our instructions. Both contracting parties are responsible for appropriate data protection precautions in this case. We have agreed to specific data protection precautions with our service providers. The employees and supervisors of the service providers are obliged to ensure the confidentiality of the data and to comply with this duty.
6. Cookies/Analysis tool
7. Your rights
Pursuant to the GDPR, you have rights in relation to the processing of your personal data, about which we herewith wish to inform you. If you wish to exercise any of the rights outlined below, you can inform us accordingly with a simple notification. Except for postage, you will not incur any expenses for the enquiry. The enquiry can be sent by email to the above email address.
Subject to any statutory restrictions, you have the following rights with regard to your personal data:
Pursuant to Article 77 GDPR, you have the right, moreover, to lodge a complaint with the competent supervisory authority for data protection of your federal state.
Competent authority for Hessen
Hessischer Beauftragte für Datenschutz und Informationsfreiheit (Data Protection Commissioner for Hessen), Postfach 3163, 65021 Wiesbaden.
8. Duration of storage
Your personal data will be erased upon expiry of the statutory retention period for lawyers (six years after expiry of the calendar year in which the mandate ended), unless we are obliged, pursuant to point (c) of Article 6(1) GDPR, in terms of fiscal or commercial law-related retention and documentation duties under the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO) to store the data for a longer period, or unless you have agreed to a longer storage duration pursuant to the first sentence, point (a) of Article 6(1) GDPR, or if the storage is required to pursue the legitimate interests of the controller or a third party pursuant to point (f) of Article 6(1) GDPR.
As part of our IT security, we use technical and organisational security measures to protect the data provided by you against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We continuously review and adapt our security precautions in line with data protection laws and technical advances. We protect our systems and data processing through technical and organisational measures, such as data encryption, pseudonymisation, anonymisation, access and entry controls, firewalls and restoration systems, as well as integrity testing. Our employees are regularly trained to handle your personal data in a confidential manner and are required to comply with data protection regulations in accordance with the data protection laws and professional codes of conduct.
10. Job applications
As part of the recruitment process, we collect, process and use your personal data exclusively to process your application and to conduct the recruitment process; the data only serve to assess your professional suitability and to contact you. In doing so, we only collect data that are required for the posted employment vacancy. The data you provide to us are transmitted initially to our HR department and processed and verified there. Thereafter, the HR department forwards your data as part of the recruitment process to the department(s) within our law firm that are involved in the selection process concerned. There your data are used as intended. If your application is successful and we conclude a contract with you, we include your data in your HR file. In doing so, the confidential handling of your data is of course guaranteed.
If your application is unsuccessful, your data are automatically erased six months after completion of the recruitment process. If you expressly consent to it, we will store your full application documentation for a period of 12 months to be able to inform you if a suitable position becomes vacant in our law firm. The above does not affect in any way to demand the erasure of your data at any time.