MYLE data protection information
Herewith we inform you how MYLE Partnerschaft von Rechtsanwält:innen mbB (hereinafter ‘MYLE’ or ‘we’) uses your personal data, what rights you are entitled to and who you can contact if you have any questions about data protection.
In most cases, you can decide which personal data you wish to share with us. However, if you refuse to do so, we may not be able to offer you certain services. Hereinafter have indicated mandatory information, which we require to provide our services accordingly.
This information was last updated in September 2024. From time to time, we have to make adjustments to reflect actual circumstances or legal or regulatory requirements; therefore, please check it the next time you visit our website to ensure you are up to date.
Name and contact details of the controller
MYLE Partnerschaft von Rechtsanwält:innen mbB
Wilhelmshavener Str. 65
10551 Berlin, Germany
Tel: +49 30 24048144
E-Mail: info@myle-law.com
1. Data processing on our website
We process your personal data when you visit our website and when you contact us.
1.1 Your visit to our website
Each time you visit our website, data that your browser automatically transmits to our server is stored. This includes your IP address, type and version of the browser used, time and date. The IP address is stored in anonymised form, i.e. it ceases to be personal data.
Legal basis: Data processing is carried out to safeguard our legitimate interests in accordance with Art. 6 (1) S. 1 lit. f GDPR:
- ensuring a smooth connection to the website;
- ensuring convenient use of our website;
- analysing system security and stability and
- for further administrative purposes.
Storage period: The aforementioned data is stored in a log file until it is automatically deleted after seven days. Backups are stored for 14 days in encrypted form. The storage period may be longer in individual cases, e.g. if this is necessary for legal action.
1.2 When you contact us
If you contact us electronically, e.g., by sending us an email, using the contact form on our website or calling us, we will process, as the case may be, your email address, your name and your other contact details as well as the information you provide in the enquiry.
In order to be able to answer your written enquiry, we need at least your email address. Its processing is therefore mandatory.
Legal basis: We process your data on the basis of Art. 6 (1) S. 1 lit. f GDPR, our legitimate interest in answering your general enquiry. If you contact us because you are seeking legal advice or are aiming to initiate another contract with us, the legal basis is Art. 6 (1) S. 1 lit. b GDPR. If we are legally obliged to store data, the legal basis is Art. 6 (1) S. 1 lit. c GDPR in conjunction with the respective legal provision.
Storage period: Your data will only be processed to answer your enquiry and will be deleted immediately as soon as your enquiry has been dealt with, unless a contract has been concluded (see section 3 below), there are legal storage obligations or legitimate interests in further storage on our part.
1.3 Our use of cookies and similar technologies
Information on the use of cookies and similar technologies (hereinafter collectively referred to as ‘Cookies’) on our website can be found in our cookie information, accessible via the footer of our website.
Cookies can store or read information on end devices. In this context, we may process personal data (e.g. language settings, meta, communication and process data such as IP addresses, time data, identification numbers).
Legal basis: We process the data collected with the help of cookies on the basis of our legitimate interests in improving the usability of our website in accordance with Art. 6 (1) S. 1 lit. f GDPR. If the processing is carried out and is necessary to fulfil our contractual obligations, it is based on Art. 6 (1) S. 1 lit. b GDPR.
Storage period: We delete the data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.
2. Data processing on our social media channels
We maintain publicly accessible profiles on the social media platforms LinkedIn and Instagram. We are currently not using the options of so-called insights, which serve to evaluate the usage behavior of visitors.
If you use our profiles on social networks to interact with us (e.g. liking or sharing a post, following us, writing a comment or sending us a direct message), we process the data you provide to us for the purpose of contacting you. If we like, share or comment on your posts, the data you freely publish on the social media mentioned above will be made available to our followers on our profile. All information that you provide in your profile is publicly visible, i.e. members of the social network who log in and customers of the social media services can view it. This also applies to your activities within the service, such as:
- Comments on posts;
- “Like” markings;
- “Follow” function.
Group memberships are also publicly visible. When you share posts, the default setting is that this happens publicly. In the options you can limit the visibility of these posts to your contacts.
Legal basis: The legal basis for this data processing is Art. 6 (1) S. 1 lit. f GDPR, our legitimate interest to stay in touch with our business partners and interested parties and to inform them, as well as in public relations and market observation. If you contact us via social media because you are interested in our offer, the request also serves to carry out pre-contractual measures at your request, the legal basis is then Art. 6 (1) S. 1 lit. b GDPR.
Recipients:
The social network Instagram is operated by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; the provider is therefore the recipient of your data;
The social network LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; the provider is therefore the recipient of your data; ;
With Instagram and LinkedIn, there is the possibility that some of the information collected may also be processed outside the European Union (EU) in the USA. The USA is a so-called third country in terms of data protection law.
If there is a decision by the European Commission on the existence of an adequate level of protection (see Art. 45 (3) GDPR) in a third country, no additional measures are required for the transfer. If data is passed on to recipients based in the USA, this will take place on the basis of the so-called Transatlantic Data Privacy Framework (DPF) of July 10, 2023, provided that the recipient has the appropriate certification. A list of the currently certified companies can be found here. In other cases, as well as when data is passed on to other so-called non-secure third countries, data will only be shared in compliance with Art. 46 et seq. GDPR.
The social media platforms we use and described above are headquartered in the USA and are certified accordingly (DPF).
3. Data processing in the context of client relationships
As a law firm, we process the data of our (future) clients within the scope of our client relationship, provided they are natural persons. If our (future) clients are companies, we process the personal data of their legal representatives and their employees. In addition, we process personal data of third parties who play a role in the respective matter for which legal advice and legal representation is requested (e.g. witnesses, external data protection officers, other parties involved such as opponents and their legal representatives). If you contact us for the purpose of entering into a contract with us and if you enter into a contract with us, we process the following data:
- master data (e.g. name, address, contact information such as e-mail, telephone number and internet address);
- client-related data (e.g. contracts, communication, delivery notes, evidence, witness data);
- legal advice data (e.g. content of enquiries, documents, file notes, legal opinions and legal assessments);
- activity data (e.g. documentation of and in the context of the legal advice, proof of services, invoices and other information necessary for the assertion and defence of your rights within the scope of the agreement);
- other data that you voluntarily provide to us as part of the client relationship;
- if applicable, information relevant to money laundering law regarding your identity, the beneficial owners, the purpose and nature of the business relationship and the transactions carried out, as well as the risk of money laundering. In the case of natural persons, we also make a copy of an official identification document. In the case of legal entities, we collect the information required by the German Money Laundering Act on the beneficial owners within the meaning of Sec. 3 German Money Laundering Act.
This data is processed
- to be able to identify you/your company/your employer as our client;
- to comply with legal obligations;
- for acquisition;
- to be able to provide you with appropriate legal advice and representation, i.e. to check and enforce claims, to create files, to check conflicts, to draw up and manage contracts and to be able to provide you with the legal advice you require;
- to be able to communicate with you;
- to organise operational processes efficiently;
- for bookkeeping and invoicing;
- to archive files, delete data and document the mandate.
Legal basis: The data processing is carried out at your request and is necessary for the mandate in accordance with Art. 6 (1) S. 1 lit. b GDPR.
If you are not or do not wish to become a client (e.g. because it is not you but the company you work for that has engaged or wishes to engage us, or if you are, for example, a witness, external data protection officer, other parties involved or opponents or their representatives), we process your personal data in accordance with Art. 6 (1) S. 1 lit. f GDPR. Our legitimate interests consist in the appropriate handling of the client relationship for the purposes mentioned or, for example, in making contact.
Insofar as we are legally obliged to process data, we base this on Art. 6 (1) S. 1 lit. c GDPR in conjunction with the respective statutory provision, in particular to fulfil professional, commercial and tax obligations for documentation and storage as well as to fulfil our obligations under the German Money Laundering Act.
We may need to process your personal data for the assertion of claims or for the defence of claims; in this case, the legal basis is our legitimate interest under Art. 6 (1) S. 1 lit. f GDPR in an efficient legal defence and enforcement of claims.
Storage period: We delete personal data after and insofar as the storage is no longer necessary for the handling and execution of the client relationship and no legitimate interests or legal obligations on our part prevent the deletion, such as the professional retention period pursuant to Sec. 50 Of the German Federal Code of Lawyers (BRAO) or statutory retention obligations (Sec. 147of the German Tax Act, Sec. 257 of the German Commercial Code, Sec. 14b of the German Fiscal Code). Deletion therefore generally takes place 6 to 10 years after the end of the client relationship, in the case of enforceable claims after 30 years.
The provision of your personal data is required if you, or the company you work for, wish to engage us. If you do not provide your personal data, it will not be possible to establish and fulfill the client relationship. If we are subject to a legal obligation to process certain data, e.g. due to money laundering prevention or professional law, the provision of the relevant data is also mandatory for the mandate.
4. Data processing when concluding other contractual relationships
We process personal data in the context of supplier relationships, (co-operation) contracts and other business relationships.
If MYLE contracts you or your employer, e.g. as a supplier or business partner, or if such a contractual relationship is initiated, or for the purpose of establishing contact, we process the following information:
- master data (e.g. title, first name, surname, gender, your position in the company);
- (publicly accessible) data about your company/employer;
- communication data (e.g. business telephone number, e-mail address, business postal address);
This data is processed,
- to be able to identify you or your company/employer as our supplier, service provider or partner;
- to fulfil legal obligations (e.g. to combat corruption or terrorism);
- to initiate, conclude and fulfil a contractual relationship with you/your company/your employer;
- for correspondence with you, insofar as this serves to initiate or fulfil a contract;
- to organise operational processes efficiently;
- for accounting reasons, provided that a contractual relationship is concluded for a fee;
- to protect legitimate interests.
Legal basis: Data processing is necessary for the purposes stated in accordance with Art. 6 (1) S. 1 lit. b GDPR (if you personally are or are to become a contractual partner) or Art. 6 (1) S. 1 lit. f GDPR (if your employer or company is or is to become a contractual partner).
In the event of a legal obligation to process data, the legal basis results from national or EU law in conjunction with Art. 6 (1) S. 1 lit. c GDPR.
We may need to process your personal data for the assertion of claims or for the defence of claims; in this case the legal basis is our legitimate interest in an efficient legal defence and enforcement of claims pursuant to Art. 6 (1) S. 1 lit. f GDPR.
Storage period: The personal data collected by us will be stored until the above-mentioned purposes cease to apply and are then deleted, unless we are obliged to store it for a longer period in accordance with Art. 6 (1) S. 1 lit. c GDPR due to legal storage and documentation obligations (e.g. from commercial, criminal or tax law) or if you have consented to further storage in accordance with Art. 6 (1) S. 1 lit. a GDPR.
The provision of your personal data is required if you wish to enter into a contractual relationship with us. If you do not provide your personal data, it will not be possible to establish and fulfil the contractual relationship.
5. Data processing using Microsoft Teams for video conferences and webinars
We provide you with the following information regarding your personal data processed when you participate in our Microsoft Teams meetings and webinars.
Note: If you access the Microsoft Teams website, the provider of Microsoft Teams, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft Ireland“) is responsible for data processing. Accessing the Teams website is necessary to download the software. If you do not want to or cannot use the Microsoft Teams app, you can also use Microsoft Teams via your browser. The service will then also be provided via the Microsoft Teams website.
Microsoft Teams enables users to chat, use channels and participate in meetings. You will receive an invitation for meetings via your email address; You can join the meeting using a link that is also provided.
When using Microsoft Teams, various types of data are processed. The scope of the data depends on the information you provide before and when attending a meeting. The following personal data is processed on a regular basis:
- information about participants: first name, last name, telephone number (optional), email address, password, profile picture (optional), department (optional);
- when dialing in by telephone: information about the incoming and outgoing telephone number, country code;
- connection data: start and end time of the meeting, if applicable other connection data such as the IP address of the device;
- audio and video data: In order to enable the display of video and the playback of audio, the data from your device’s microphone and any video camera on the device are processed accordingly during meeting. If this is not desired, you can switch off or mute the camera or microphone at any time using the Teams settings. We use the teams-meetings mode for Microsoft Teams. In Teams meetings, audio and video recordings are prevented by our settings. The event is generally not recorded.
- text data: When using the chat, question or survey features, the text entries you make are processed to be displayed in the Teams meeting and, if necessary, to log them.
We store the chat content for a period of one year. In 1:1 chats, meetings can be started between those involved in the chat, which can be end-to-end encrypted by the users; we advise you to use this functionality.
Users can read the chat history afterwards and without attending a meeting, as long as the meeting was invited from a team and you are part of this team. The chat history of meetings can therefore generally be read.
Legal basis: Processing takes place on the basis of Art. 6 (1) S. 1 lit. b GDPR to fulfill a contract. We process data that is not required for the performance of a contract to which the respective data subject is a party on the basis of Art. 6 (1) S. 1 lit. f GDPR, our legitimate interests in (i) the effective conduct of meetings within the framework of our business relationships and (ii) online information events on (a) professional topics and (b) about us, as well as (iii) enabling chat messages between participants.
Recipients: We generally do not share personal data that we process in connection with the use of Teams to third parties unless they are specifically intended for disclosure. Content from online meetings and personal meetings is often specifically intended for disclosure because the meetings serve to exchange information with clients, interested parties or third parties.
Microsoft Ireland necessarily receives access to the data to the extent that this is provided for in our data processing agreement with Microsoft Ireland. Microsoft Ireland reserves the right to process customer data for its own legitimate business purposes. We have no influence on this data processing. According to Microsoft Ireland, this includes, e.g., IP address, operating system, microphone driver, jitter value and all data required for stable and secure operation. According to Microsoft Ireland, personal data within Microsoft Teams is permanently deleted by the system after 90 days at the latest. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is an independent data controller.
Data processing outside the EU: In principle, data processing outside the EU does not take place, as we have limited our storage location to data centers in the EU. However, we cannot rule out that data is routed via Internet servers located outside the EU. This can be the case in particular if participants in online meetings are in a third country.
If the European Commission has decided that an adequate level of protection exists (see Art. 45 (3) GDPR) in a third country, no additional measures are required for the respective transfer. If data is shared with recipients based in the USA, this will be done on the basis of the so-called Transatlantic Data Privacy Framework (DPF) of July 10, 2023, provided that the recipient has the appropriate certification. A list of the currently certified companies can be found here. In other cases, as well as when data is transferred to other so-called non-secure third countries, data will only be transferred in compliance with Art. 46 et seq. GDPR.
Microsoft has its headquarters in the USA and is certified in accordance with the DPF requirements.
Bitte verlinken: https://www.dataprivacyframework.gov/list
6.Marketing
We process personal data as part of marketing activities.
6.1 Email Marketing
We reserve the right to use the email address you provided as part of the contractual relationship from time to time in accordance with the statutory provisions to send you information about publications, events or webinars or a greeting card for special occasions by email during or after our service provision, provided that you have not already objected to such a use of your email address an name.
Unless the sending of electronic information is necessary for contract processing (e.g. email in an informational format), the processing is based on Art. 6 (1) S. 1 lit. f GDPR, our legitimate interest in improving and optimizing our services, sending information on current market developments, information on offers, invitations to free events, sending direct advertising and ensuring customer satisfaction.
We would like to point out that you can object to receiving this information and to processing your data for the purposes of this information at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right of objection without giving reasons in accordance with Art. 21 (2) GDPR. You can object by sending us a message (see the contact details in the section “Name and contact details of the controller”). We will delete your data at the latest after you object.
6.2 Mail Marketing
We would also like to send you greeting cards for special occasions or information and tips by mail. The legal basis is Art. 6 (1) S. 1 lit. f GDPR, our legitimate interest in ensuring good contractual relationships and maintaining contact.
7. Data processing in the context of events
If you register for one of our events on our website, by email or via an invitation link that we send you, we process your personal data to the extent that this is necessary for the organization, and implementation of the event. For this purpose, we collect the following data: first and last name, title, company, address, email address and, for events that require payment, also the invoice data.
Legal basis: For events that do not require payment, the legal basis is Art. 6 (1) S. 1 lit. f GDPR, our legitimate interests in efficient administration of participants, smooth implementation of the event and, for the purposes of access control and to only grant admission to invited guests, in enabling the comparison of registration data with the actual participants. For events that require payment, the legal basis is Art. 6 (1) S. 1 lit. b GDPR, the underlying contract.
The provision of your data is necessary for participation in the event and you are contractually obliged to provide your data. If your data is not provided, it is not possible to conclude and/or carry out a contract.
Storage period: We store your data for the duration of the organization (including corresponding preparation and follow-up) of the respective event. Any existing statutory retention obligations remain unaffected. We delete participant data within four weeks of the end of the event.
We take photos and video recordings at events and publish them afterwards. The recordings are used for advertising on our website, on LinkedIn, Instagram, BlueSky, in press releases, and to document the event online and offline.
Legal basis: The processing serves to protect our legitimate interest in increasing MYLE’s visibility in the public eye, publicizing MYLE’s activities and services, and in documentation within the meaning of Art. 6 (1) S. 1 lit. f GDPR.
8. Data processing in the application process
We process the data that you provide to us with your application for a position at MYLE (e.g. with your cover letter, CV and references).
During the application process, we process the following types of data:
- Master data (e.g. title, first name, last name, date of birth, place of residence);
- Documents (e.g. certificates, certificates, CV, letter of motivation);
- Expenses: In the event that you had reimbursable expenses, the data relevant for billing, e.g. your bank details;
- Communication data (e.g. telephone number (landline and/or mobile), email, postal address).
Legal basis: The legal basis for the processing is Art. 6 (1) S. 1 lit. b of GDPR. The processing is necessary for the decision on the establishment of a contractual employment relationship. If special categories of personal data are processed (e.g. health data), we process them for reasons of labor law, social security law or social protection in accordance with Art. 6 (1) S. 1 lit. b in conjunction with Art. 9 (2) lit. b GDPR.
After completion of the application process, further data processing may either take place with your consent or may be necessary for legal prosecution, whereby in the latter case the legal basis is Art. 6 (1) S. 1 lit. f GDPR, our legitimate interest in asserting or defending claims.
Storage period: The data we collect will be stored until the above-mentioned purposes no longer apply and will then be deleted, unless we are obliged to store them for a longer period in accordance with Art. 6 (1) S. 1 lit. c GDPR due to statutory retention and documentation obligations (e.g. under commercial, criminal or tax law).
In the event that you have agreed to further storage, we will add your data to our applicant pool. The data will be deleted after two years.
If the application is unsuccessful, the data will generally be deleted six months after the process has been completed, unless there are specific longer retention requirements (e.g. for any receipts for reimbursement of travel expenses) or storage is also necessary to defend against legal claims.
9. Disclosure of your personal data
We will only disclose your data if we are legally permitted to do so. We may disclose your data as follows, unless specifically stated above:
- We use a hosting service provider as a processor for the operation of these websites. The processor is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany;
- We use an email provider for email traffic as a telecommunications provider Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany;
- We use technical service providers for hosting the law firm software and storing the files as well as for IT support services as processors. The processor is dokSAFE GmbH, Weißenfelser Str. 71, 04229 Leipzig, Germany;
- We employ freelance employees in our company.
The data sharing is based on our legitimate interest in being able to organize our business operations and to decide freely on the personnel and IT service providers employed in the interests of (i) efficient and appropriate handling of client relationships and (ii) organized office operations; the legal basis is Art. 6 (1) S. 1 lit. f GDPR.
- Public bodies/authorities, in particular tax authorities, can receive data if this is necessary to fulfill a legal obligation. The legal basis for the sharing is Art. 6 (1) S. 1 lit. c GDPR in conjunction with the relevant legal provision;
- data is shared in connection with our office operations (e.g. auditors, banks, insurance companies, tax consultants, auditors, legal advisors, supervisory authorities, translators). The legal basis for the sharing is then Art. 6 (1) S. 1 lit. b or lit. f GDPR;
- the processing of the client relationship may also require the sharing of your data with opposing parties and their representatives (in particular their lawyers) as well as to courts and other public authorities for the purposes of correspondence and to assert and defend your rights or those of our clients;
- we may share your data with file/data destruction companies;
- we share your address data with logistics companies for the purpose of shipping;
- if a criminal offense is suspected, we may share your data with law enforcement authorities (e.g. police, public prosecutor’s office).
If we transfer your data to a country that is neither part of the EU nor the EEA and for which there is no adequacy decision by the EU Commission, we will take all necessary measures to secure the respective data processing. This includes, for example, standard contractual clauses of the EU Commission.
10. Your rights
As a data subject, you have the following rights if the applicable requirements are met:
- right to information (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR)
In addition, according to Art. 77 GDPR, you have the right to complain to a supervisory authority of your choice about our data processing. Our headquarters are in Berlin, Germany. The supervisory authority responsible for us is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin, Germany.
You also have the right to object (Art. 21 GDPR) if we process data on the basis of Art. 6 (1) S. 1 lit. f GDPR. Please note that if data is processed for purposes other than direct marketing, you need to demonstrate reasons relating to your particular situation. You can object by sending us a message (see the contact details in the section “Name and contact details of the controller”).
If we process your personal data on the basis of your consent, you can withdraw it with effect for the future. You can declare your withdrawal by sending us a message (see the contact details in the section “Name and contact details of the controller”).