Data Protection

Dataprotection

In accordance with Article 13 of the GDPR (General Data Protection Regulation), we declare as follows that:

(1)

a) The responsible officials in terms of the GDPR are: Martin Heidemann, Patrick Heidemann, Dr Marcel Messerschmidt and Dr. Roland Kühne, all at Kurfürstendamm 188, 10707 Berlin, info@heidemann-drnast.de

b) The independent data protection officer is Dr Frank Tykwer (lawyer), Cäcilienhöhe 173, 45657 Recklinghausen, rechtsanwalt@dr-tykwer.de

c) The data is necessary for us to process mandates that we have accepted or may yet accept, as well as for the purpose of meeting our legal obligations to check and report, especially under the Money Laundering Act, and for the establishment, exercise or defence of legal claims. The legal basis according to Article 6 (1) b) of the GDPR is the fulfillment of legal obligations to check and report and, according to Article 6 (1) f) of the GDPR, the safeguarding of our interests in our relationship with clients.

d) The recipients of personal data are all those government agencies to which there is a legal obligation to report (especially tax authorities and committees appointed under § 192 of the Federal Building Code with the task of valuing land and buildings), those with possible preemptive rights, those with rights entered in the land register that are due to be cancelled, credit institutions holding escrow accounts, law courts (especially land registries and registers of companies, and certain third parties. We pass data on to third parties if, under Article 6, paragraph 1, page 1, subsection a of the GDPR, you have expressly agreed that disclosure is necessary, under Article 6, paragraph 1, page 1, subsection f of the same regulations, for the assertion, exercise or defence of legal claims and there are no grounds for assuming that you have an overriding and legitimate interest in your personal data not being disclosed; and likewise if, under Article 6, paragraph 1, page 1, subsection c of the GDPR, there is a legal obligation for disclosure and this is necessary, under Article 6, paragraph 1, page 1, subsection B of the same regulations, for the settlement of contractual relationships with you.

(2)

a) There is no fixed limit as to how long data is retained. Data retention periods laid down by employment law, the Money Laundering Act and tax law have to be observed in any case. In addition, we retain data for defence purposes against any possible legal claims until the expiry of the statutory limitation period. The foregoing also applies to back-ups kept for safeguarding data.

b) When you trust us with personal data, you have right of access to it as well as the right to rectify or add to it. As long as there is no conflict with our legal obligations, you also have the right to delete data or restrict or block its processing.

c) Insofar as the processing is based on Article 6, paragraph 1, letter a or Article 9, paragraph 2, letter a of the GDPR, you are entitled to withdraw consent at any time. This does not affect the legality of what has been processed with consent up to the time consent was withdrawn.

d) There is a right of appeal to the regulators, the president of the Berlin Regional Court (Landesgericht Berlin), Littenstraße 12-17, 10179 Berlin in notarial matters and the Berlin Lawyers’ Association (Anwaltskammer Berlin), Littenstraße 9, 10179 Berlin in matters concerning lawyers.

e) The provision of personal details is prescribed by law for the conclusion of contracts and is essential. You are not obliged to provide your personal details but, without this data, we cannnot take on a mandate.

f) In accordance with Article 22, paragraphs 1 and 4 of the GDPR, automated decision-making, including profiling, does not take place.

(3) Visiting our website

When you access our website www.heidemann-drnast.de, information is automatically sent to our website server via the browser used on your terminal device. This information is temporarily stored in a so-called log file. Without any action on your part, the following details are collected and stored until they are automatically deleted:

• the IP address of the computer which accesses us,

• date and time of access,

• name and URL of the web pages visited,

• website from which our website was accessed (referrer URL),

• the browser you used, the operating system of your computer and the name of your access provider

We use this data for the following purposes:

• to ensure that our website connection set-up is trouble-free,

• to make our website user-friendly,

• to evaluate the security and stability of the system, and

• for other administrative uses.

The legal basis for the data processing is Article 6, paragraph 1, page 1, letter f of the GDPR. The reasons listed above for data collection serve our legitimate interest. In no way do we use the data to make personal inferences about you.