Privacy Policy

Privacy  policy for contractual relationships (privacy information describing how we process data as part of a contractual relationship according to Articles 13, 14 and 21 of the European General Data Protection Regulation (GDPR))

(Last revised: 6 April 2023)

Thank you for visiting our website and for taking an interest in our company. The protection of your personal data is important to us. In accordance with Articles 12, 13 and 21 of the European General Data Protection Regulation (GDPR), we would like to inform you below about how we handle your personal data when you use our website www.luther-lawfirm.com.

Personal data means information about the personal or factual circumstances of a specific or identifiable natural person. This includes information such as a person’s civil name, address, telephone number and date of birth.

1. Controller

Controller within the meaning of the General Data Protection Regulation: Luther Rechtsanwaltsgesellschaft mbH
Anna-Schneider-Steig 22
50678 Cologne
Germany
Phone +49 221 9937 0
Fax +49 221 9937 110
Email: contact@luther-lawfirm.com

2. Data protection officer

Contact details of our data protection officer: Data Protection Officer
Luther Rechtsanwaltsgesellschaft mbH
Anna-Schneider-Steig 22
50678 Cologne
Germany
Phone +49 221 9937 0
Fax +49 221 9937 110
Email: data.privacy@luther-lawfirm.com

3. Personal data

Personal data means information about the personal or factual circumstances of a specific or identifiable natural person. Your personal data, therefore, includes all the data that contains information about your personal or factual circumstances and allows your identification, such as your name, your address, your telephone number or your email address.

4. Purposes and legal bases of the data processing

4.1 Informational use of our website

You can visit our website without providing any personal information. If you only use our website for information purposes, that is, if you do not log in, register, place an order or otherwise provide us with information about yourself, we will not process any personal data, with the exception of the data that your browser transmits to enable you to visit our website and information that is transmitted to us in connection with cookies used to statistically analyse the use of our website.

4.1.1 Making our website technically available

To make our website technically available and to ensure the security of our information technology systems, we need to process certain information from you that has been transmitted automatically so that your browser can display our website and you can use it. Said information is collected automatically each time our website is visited and is stored in our server log files. The information relates to the computer system of the computer used to visit our website. The following information is collected:

  • IP address;
  • browser type/version (e.g. Firefox 59.0.2 (64-bit));
  • browser language (e.g. German);
  • host name of the computer from which our website is accessed;
  • operating system used (e.g. Windows 10);
  • inner resolution of the browser window;
  • website from which our website has been called up;
  • websites called up from our website;
  • visited pages of our website;
  • notification whether the retrieval was successful;
  • amount of data transferred;
  • screen resolution;
  • JavaScript enabled;
  • Java on/off;
  • cookies on/off;
  • colour depth;
  • date and time of access.

We also use cookies to make our website available to you. Cookies are text files that are stored in the internet browser or by the internet browser on your computer system when you call up a website. A cookie contains a unique code through which your browser can be identified when you revisit our website. We use such cookies exclusively to make our website available to you with all its technical functions. Certain functions of our website cannot be provided without using cookies. In addition to the data already mentioned, the following information is stored in the cookies and transmitted to us:

confirmation of the cookie banner and the information it contains (cookieconsent_dismissed).

We do not use the information that we collect through the aforesaid cookies to create user profiles or evaluate your activities on the internet.

  • for the performance of a contract or in order to take steps prior to entering into a contract according to Article 6(1)(b) GDPR, to the extent that you visit our website to obtain information about our products and about events organised by us; and
  • for the purposes of our legitimate interests according to Article 6(1)(f) GDPR to be able to make our website technically available to you. In this respect, our legitimate interest consists in being able to make an attractive, technically functional and user-friendly website available to you and in taking measures to protect our website from cyber risks and in preventing cyber risks to third parties from our website.

4.1.2 Statistically analysing the use of our website and increasing its reach

In order to statistically analyse how our website is used, we use Matomo and, hence, cookies that enable us to analyse your activities on the internet. This allows us to improve the quality of our website and its contents. We learn how our website is used and can use this information to optimise our offer on a continual basis.

The information obtained by statistically analysing our website will not be merged with your other data that has been collected within the framework of our website.

We will process your personal data on the following legal basis:

  • for the purposes of our legitimate interests according to Article 6(1)(f) GDPR. Our legitimate interest consists in measuring the reach of our website and statistically analysing the use of our website so as to be able to optimise our web offer and provide you with a user-friendly website that takes into account your user behaviour.

4.1.2.1 Matomo (privacy-friendly)

This website uses the web analytics software Matomo (https://matomo.org/what-is-matomo/) to collect and store data, in particular your IP address, from which user profiles are then created using pseudonyms. These user profiles can be used to analyse the behaviour of visitors to our website and are evaluated in order to improve our offer and design it in line with requirements. To this end, cookies may be used. The pseudonymised user profiles are not merged with personal data about the bearer of the pseudonym. Furthermore, the software is stored locally and only allows the data to be stored for a limited period of time.

You can prevent the collection of data by Matomo by enabling the following “opt-out cookie”:

You have the option to prevent your present actions from being analysed and connected. This would protect your privacy but would also prevent the owner from learning from your actions and using this knowledge to make this website more user-friendly for you and other users.

Please note that you must enable the opt-out cookie in each browser that you use and on all of your devices and that you will have to enable it again, where applicable, if you delete all the cookies in a browser.

4.1.2.2 Social links

Our website contains links to services such as Facebook, Twitter, LinkedIn, Xing and YouTube. After clicking on the link, you will be forwarded to the website of the respective provider, which means that only then will user data be transmitted to that provider. For information on how your data is handled when using the websites of other providers, please refer to the respective provider’s privacy notice.

4.2 Active use of our website

Aside from the purely informational use of our website, you can also use our website actively to order one of our products, sign up for an event, register to receive our newsletter or get in contact with us. In addition to the above-described processing of your personal data, in the event of a purely informational use, we will then also process further personal data about you that we need to be able to handle your order or to process and answer your request.

4.2.1 User requests

To be able to handle and answer your requests addressed to us, e.g. via the contact form or to our email address, we will process the personal data you have provided to us in this connection. This includes in any case your name and your email address, so that we can send you an answer, and any other information that you send to us as part of your communication.

We will process your personal data on the following legal bases:

  • for the performance of a contract or in order to take steps prior to entering into a contract according to Article 6(1)(b) GDPR, to the extent that you use our portal to obtain information about the services that we offer and request them;
  • for the purposes of our legitimate interests according to Article 6(1)(f) GDPR; our legitimate interest consists in properly answering customer requests.

4.2.2 Sending a job application

We will process the personal data that you provide to us as part of your job application, for example, via our recruitment applicant tool. For details on this, please refer to the privacy policy for job applicants (Data Privacy- Luther (luther-karriere.com) ).

4.2.3 Marketing purposes, such as newsletters, surveys, etc.

With your consent, we will use your data for marketing purposes, for example, to send you our newsletter, for marketing surveys or to invite you to events that we think may be of interest to you. To this end, we will process mandatory information, such as your email address, but also information that you provide to us voluntarily. We will use the voluntary information to permanently improve our services and to make them more customer-friendly for you, to be able to address you individually in the future, to analyse your preferences and inform you about the services that best suit you, and to make our advertising more useful and interesting for you. You can unsubscribe from these notifications at any time by sending an email to our contact address given in Section 1 above, or by clicking on the link provided in the newsletter and carrying out the deregistration process.

Analysing and evaluating such information allows us to improve our website and our offer and ensure we do not engage in random advertising. Instead, we can send you advertising materials such as newsletters, product recommendations or invitations by email or promotional letters which correspond to your areas of interest. If you have provided us with your email address in connection with the purchase of goods or services, we may subsequently use this address to send you a newsletter. In this case, the newsletter will only be used to directly advertise our own, similar goods or services.

We will process your personal data on the following legal bases:

  • if you have given us your consent via the double opt-in process according to Article 6(1)(a) GDPR;
  • if you have given us your email address in connection with the purchase of goods or services or we send you personalised advertising materials, for the purposes of our legitimate interests according to Article 6(1)(f) GDPR in conjunction with Section 7(3) German Act against Unfair Competition (UWG); our legitimate interest is based on our economic interest in taking promotional measures and in target group-oriented advertising.

Using data for promotional emails and your right to object

If we receive your email address in connection with the conclusion of a contract and the provision of services by us and you have not objected to this, we reserve the right to regularly send you emails containing offers for similar services from our offering. You can object to this use of your email address at any time by sending a message using the contact details referred to below or via a link provided for this purpose in the marketing email without incurring any costs other than the base-rate transmission costs.

4.2.4 Registering for events

If you register for an event via our website, we will process your personal data to receive the registration. To this end, we will process the following information (voluntary information is marked with the addition “if applicable”):

  • information about the company:[MG3] 
    • company name;
    • street;
    • PO box number, if applicable;
    • post code;
    • town;
    • country;
    • industry, if applicable;
  • information about the participant:
    • title;
    • department;
    • position;
    • given name and surname;
    • academic title or other, if applicable;
    • phone number;
    • email address.

Payment

If a fee is incurred when registering for an event, we will process further data for the purpose of processing the relevant payment, such as the amount payable and, if applicable, your bank details or the receipt of the payment. We may also instruct a payment service provider to process the payment due in connection with your registration.

Legal basis

We will process your personal data on the following legal basis:

  • for the performance of a contract or in order to take steps prior to entering into a contract or contractual steps according to Article 6(1)(b) GDPR.

4.2.5 Credit check

If we make advance payments, we reserve the right to obtain a credit rating on the basis of mathematical-statistical procedures in order to safeguard our legitimate interests.

For this purpose, we will transmit the personal data needed for a credit check and use the information received about the statistical probability of default. The credit rating may include probability values (score values) calculated using scientifically recognised mathematical-statistical procedures. In these procedures, the risk of future default by the customer is inferred from a large number of parameters, such as income, address data, occupation, marital status and previous payment behaviour. The result is expressed in the form of a payment value (“score”). The information obtained in this way forms the basis of our decision as to whether to establish, implement or terminate the contractual relationship. However, the right to choose any of the payment options on offer will not depend on such information.

We will process your personal data on the following legal bases:

  • for the performance of a contract or in order to take steps prior to entering into a contract according to Article 6(1)(b) GDPR;
  • for the purposes of our legitimate interests according to Article 6(1)(f) GDPR, to the extent that we assert legal claims or defend ourselves in legal disputes or that we prevent or clarify criminal offences.

4.2.6 Complying with legal requirements

We will further process your personal data to comply with any other legal obligations to which we are subject in connection with the processing of your order. This particularly includes any retention periods under commercial, trade or tax law and obligations under the German Money Laundering Act (GWG).

We will process your personal data on the following legal basis:

  • for compliance with a legal obligation to which we are subject according to Article 6(1)(c) GDPR in conjunction with commercial, trade or tax law and the German Money Laundering Act (GWG), to the extent we are obliged to gather, record and keep your data.

4.2.7 Enforcing rights

We will furthermore process your personal data to be able to assert our rights and enforce our legal claims. We will also process your personal data to be able to defend against legal claims. Finally, we will process your personal data to the extent necessary for the prevention or prosecution of criminal offences.

We will process your personal data on the following legal basis:

  • for the purposes of our legitimate interests according to Article 6(1)(f) GDPR, to the extent that we assert legal claims or defend ourselves in legal disputes or that we prevent or clarify criminal offences.

5. Links

Some sections of our website contain links to third-party websites. Those websites are subject to their own privacy rules. We are not responsible for their operation, including how they handle data. If you send information to or via such third-party websites, you should check their privacy policies before providing them with information that can be attributed to you personally.

6. Categories of recipients

Initially, only our employees will obtain knowledge of your personal data. To the extent permitted or required by law, we will additionally disclose your personal data to other recipients who provide services to us in connection with our website. We will limit any disclosure of your personal data to the necessary scope, in particular, the scope necessary to be able to handle your requests.

Some of our service providers will receive your personal data as data processors and will then be obliged to handle your personal data strictly as instructed by us. Some recipients will handle your data transferred by us in an independent manner.

Please find below information about the different categories of recipients of your personal data:

  • if applicable, payment service providers and banks, for the purposes of processing payments;
  • external service providers, for the purposes of sending documents etc.;
  • IT service providers, for the purposes of administrating and hosting our website;
  • external service providers (e.g. credit agencies), for the purposes of carrying out money laundering and credit checks;
  • debt collection agencies and legal advisors, for the purposes of enforcing our claims.

7. Transfer to a third country

We will not transfer your personal data to countries outside the EU or the EEA or to international organisations.

8. Duration of storage

8.1 Informational use of our website

When you use our website for information purposes only, we will store your personal data on our servers exclusively for the duration of your visit to our website. After you leave our website, your personal data will be deleted without undue delay.

As a rule, all cookies installed by us, as well as the Matomo session cookies, will also be deleted after you leave our website. However, this does not apply to all of the cookies installed by Matomo. Some of them will be stored for a period of 12 months (pk_id), 6 months (_pk_ref) or 30 minutes (_pk_cvar, _pk_ses, _pk_hsr). In addition, you can delete installed cookies at any time yourself.

8.2 Active use of our website

When you actively use our website, we will initially store your personal data for the duration of time required by us to reply to your request, or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the implementation of a contract.

We will then additionally store your personal data until any legal claims that may arise out of our relationship with you have become time-barred so as to be able to use such data as evidence, if necessary. The limitation period is generally between 1 and 3 years, but can also be as long as 30 years.

We will delete your personal data upon expiry of the limitation period, unless we have a statutory retention obligation, for example, under the German Commercial Code (HGB, Sections 238, 257(4) German Commercial Code) or under the German Fiscal Code (AO, Sections 147(3), 147(4) German Fiscal Code). Such retention obligations can exist for a period of 2 to 10 years.

9. Your rights as a data subject

As a data subject, you have, and can assert against us, the rights set out below, if the statutory requirements are met:

Right to information: Under Article 15 GDPR, you may, at any time, demand to be given confirmation from us as to whether or not we are processing personal data in relation to you; where this is the case, you further have the right under Article 15 GDPR to demand to receive information from us about the personal data concerned and certain further information (inter alia, purpose of the processing, categories of personal data, categories of recipient, envisaged storage period, source of the data, use of automated decision-making and, where personal data is transferred to a third country, the appropriate safeguards) and a copy of your data.

Right to rectification: Under Article 16 GDPR, you may demand that we rectify the personal data stored in relation to you if such data is inaccurate or incorrect.

Right to erasure: If the requirements stipulated in Article 17 GDPR are met, you may demand that we erase your personal data without undue delay. A right to erasure does not exist if, for example, the processing of the personal data is necessary (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) for the establishment, exercise or defence of legal claims.

Right to restriction of processing: If the requirements stipulated in Article 18 GDPR are met, you may demand that we restrict the processing of your personal data.

Right to data portability: If the requirements stipulated in Article 20 GDPR are met, you may demand to receive from us the personal data in relation to you that you have provided to us, in a format that is structured, commonly used and machine-readable.

Right of revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

Right to object: If the requirements stipulated in Article 21 GDPR are met, you may object to the processing of your personal data and, as a result, we must discontinue processing your personal data. The right to object exists only within the limits defined in Article 21 GDPR. Furthermore, our interests may conflict with the discontinuation of processing, such that we continue to be entitled to process your personal data despite your objection.

Right to lodge a complaint with a supervisory authority: If the requirements stipulated in Article 77 GDPR are met, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Dusseldorf
Phone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de

We would recommend, however, that you always address your complaints, if any, in the first instance to our Data Protection Officer.

Where possible, your applications made in exercise of your rights should be sent in writing to the address stated in Section 1 above or directly to our Data Protection Officer.

10. Scope of your obligations to provide data

You are not generally obliged to disclose your personal data to us. However, if you do not do so, we will be unable to make our website available to you, answer the requests that you address to us and enter into a contract with you. All personal data that is not absolutely needed by us for the aforesaid processing purposes is marked as voluntary by the addition “if applicable” or otherwise.

11. Automated decision-making/profiling

We do not use any automated decision-making or profiling (automated analysis of your personal circumstances).

Information about your right to object, Article 21 GDPR

  1. You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data which is carried out on the basis of Article 6(1)(f) GDPR (data processing based on balancing of interests) or Article 6(1)(e) GDPR (data processing carried out in the public interest). This also applies to profiling, as defined in Article 4(4) GDPR, based on said provisions.

If you object, we will no longer process your personal data unless we can prove that there are compelling reasons worthy of protection for such processing which outweigh your interests, rights and freedoms, or unless such processing serves the purpose of establishing, exercising or defending legal claims.

  1. We will process your personal data in individual cases also for direct advertising purposes. If you do not wish to receive advertisements, you have the right to object at any time; this also applies to profiling, to the extent carried out in connection with such direct advertising. Your objection, once received, will apply with effect for the future.
  2. In addition, upon receipt of an objection to this effect, we will stop processing your data for direct advertising purposes.

The objection does not need to be in any particular form but should be addressed to the address given in Section 1 above

12. Data Protection Luther Corporate Services

Data Protection Singapore
You can find our Data Protection Policy here. If you have any queries, requests or complaints on the subject of data protection in Singapore, please do not hesitate to contact our data protection officer:

Luther Corporate Services Pte Ltd
4 Battery Road, Bank of China Building #25-01, Singapore 049908
Email: dpo@luther-services.com

Data Protection Malaysia
You can find our Data Protection Policy here both in English and a Bahasa Malaysia version. If you have any queries, requests or complaints on the subject of data protection in Malaysia, please do not hesitate to contact our data protection officer:

Luther Corporate Services Sdn. Bhd.
Mrs Sue Wong
Unit No. L25-1, Level 25
TSLAW Tower No. 39, Jalan Kamuning
55100 Kuala Lumpur
Email: sue.wong@luther-services.com

13. Changes

We reserve the right to change this privacy policy at any time. Any changes will be notified by posting the revised privacy policy on our website. Unless otherwise specified, such changes will be effective immediately. Therefore, please check this privacy policy periodically to read the most current version.

Last revised in April 2023