We, Scheja & Partners GmbH & Co. KG, appreciate and welcome your interest in a business relationship with our law firm. Your privacy has the highest priority for us. We take the protection of your personal data and the confidential treatment of your personal data very seriously. We would like to inform you by means of the information below about the processing of your personal data in the context of the business relationship with you or your employer as well as about your data protection rights.
1. Controller
- Scheja & Partners GmbH & Co. KG
- Adenauerallee 136
- D-53113 Bonn
- Germany
- tel.: +49 (0) 228-227 226-0
- e-mail:
Encrypted contact form: /contact/contact.html
2. Data Protection Officer
You can reach our data protection officer here:
- Scheja & Partners GmbH & Co. KG
- Data Protection Officer
- Adenauerallee 136
- D-53113 Bonn
- Germany
Encrypted contact form: /contact/data-protection-officer.html
3. Categories of data
In the course of the business relationship with you or your employer, we only process those personal data of yours which are related to the business relationship. In detail, this may include:
Contact data: your first and last name, email address, postal address and telephone numbers, if applicable
Data relating to the business relationship: contents of inquiries, offers and invoices, communication in the context of the business relationship, documents
Contractual data: specifications of services and products, contractual documents
4. Purposes and legal bases of the data processing
a. Preparation and implementation of our business relationship
We process your personal data for the preparation and performance of the business relationship. The scope of the data processing and the purposes depend on the specific contract.
Provided that the business relationship exists or will be entered into with you personally, the data processing is effected on the basis of Article 6(1)(b) of the GDPR. If you act on behalf of a third party, especially your employer, the data processing is effected on the basis of Article 6(1)(f) of the GDPR, as far as it is compatible with your fundamental rights and freedoms.
b. Fulfilment of legal obligations
We also process personal data in order to comply with statutory obligations to which we are subject. These obligations may arise pursuant to commercial law, tax law, finance law, or criminal law. The purposes of the processing are based on the corresponding statutory obligation; in such cases, the processing usually serves the purpose of complying with governmental monitoring obligations and information obligations.
The data processing is effected on the basis of Article 6(1)(c) of the GDPR.
5. Obligation to provide data
You are not obliged to provide any personal data to us. However, as the specific case may require, it may be necessary to provide certain personal data for the preparation and implementation of a business relationship. Without these data we might not be able to perform the business relationship.
6. Sources
In addition to a direct collection of data, we may also collect personal data in the context of the preparation and implementation of our business relationship from other business partners, other companies/bodies and, as the case may be, your employer.
7. Recipients
In our firm, only those persons have access to your personal data who need access for the purposes listed in Number 4. We only transfer your personal data to external recipients if this is necessary for the performance of our business relationship or in the event that another statutory permission applies.
External recipients may include:
Processors: Service providers that we use for the provision of services, for example in the fields of technical infrastructure and maintenance of our IT systems.
Public bodies: Public authorities and official institutions to which we have to transfer personal data for mandatory reasons prescribed by statutory law.
Private bodies: Private bodies, to which we transfer your personal data based on a statutory regulation, such as lawyers and tax accountants as well as other companies and bodies, which we contact for the preparation and implementation of the business relationship.
8. Transfer to third countries
In the context of IT-Services and IT-Infrastructure we engage service providers, which are not located within the European Union or the European Economic Area. In doing so, we ensure prior to the transfer that, outside of exceptional cases permitted by statutory law, the recipient either possesses an appropriate level of data protection or appropriate safeguards exist. You can obtain an overview on the recipients in third countries and a copy of the appropriate or suitable safeguards. Please use the data provided in Section 1.
9. Period of retention
The personal data collected by us for our business relationship will be deleted when the statutory retention period expires, unless we are subject to a longer period of retention on the basis of statutory documentation obligations. In this case, we will delete your personal data after the statutory obligation ceases to apply.
10. Data subject rights
In accordance with the GDPR, you are entitled to the following rights as a data subject, provided that the respective statutory requirements are met:
Access: You have the right to receive information about the personal data pertaining to you that we process.
Rectification: You may demand that inaccurate personal data will be rectified. Furthermore, you may demand that incomplete data will be completed.
Erasure: In certain cases, you are entitled to demand the erasure of your personal data.
Restriction of processing: In certain cases, you are entitled to demand that we restrict the processing of your data.
Data portability: If you have made the data available to us based on a contract or consent, you are entitled to demand to receive the data which you provided to us in a structured, commonly used and machine-readable format or to have them transmitted by us to another controller.
Right to object
You have the right to object at any time to the processing of your personal data on the basis of Article 6(1)(f) of the GDPR for reasons arising from your particular situation. We will then no longer process such personal data for those purposes, unless we can provide compelling protected reasons for such processing that outweigh your interests, rights and freedoms, or the processing is necessary for the assertion of, exercise of, or defense against any legal claims.
Asserting your rights: To assert any of your abovementioned rights, please contact us by means of the contact details indicated in Number 1 above. When doing so, please make sure that we can clearly identify you.
Right to lodge a complaint with the supervisory authority: If you believe that the processing of the personal data concerning you is illegal, you may lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your workplace, or at the location of the alleged breach.
11. Automated individual decision-making, including profiling
Automated individual decision-making, including profiling, within the meaning of Article 22 of the GDPR will not take place in connection with our business relationship.
Last update: November 2019