Data Protection Policy

Welcome to the website of BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB Patentanwälte Rechtsanwälte (hereinafter: "BOEHMERT & BOEHMERT"). We have produced this Data Protection Policy to give you information and advice on how BOEHMERT & BOEHMERT processes personal data. The advice concerns

  • the use of our website and
  • other processing of personal data by BOEHMERT & BOEHMERT.


If you have any questions in this regard, please speak to us. You can find our contact information in our Legal Notice. The most up to date version of the information in this Policy can be accessed at any time on our website, at www.boehmert.de/datenschutz or via the link marked "Data Protection".

Overview:

Part 1:   General
Part 2:   Data processing when visiting our website
Part 3:   The processing of personal data when working on client matters
Part 4:   Rights of the Data Subjects

Part 1: General

1.  Data controller and data protection officer

The data controller is Boehmert & Boehmert Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hollerallee 32, 28209 Bremen, Germany, Tel.: +49 (0)421 3409 0, Fax: +49 (0)421 3491768. 

The data protection officer is Mr. Mark Rethmeier, BOEHMERT & BOEHMERT Anwaltspartnerschaft mbB, Patent Attorneys, Attorneys at Law, Hollerallee 32, 28209 Bremen, Germany, Tel.: +49 (0)421 3409 0, email: datenschutzbeauftragter@boehmert.de.

2.  Definitions

Personal data is all information which refers to an identified or identifiable natural person ("Data Subject"). A natural person is deemed to be identifiable if they can be directly or indirectly identified, in particular by means of association with identifying information such as a name, an identification number, location information, an online identifier or one or more particular characteristics, which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Cookies are small text files which are stored locally, during each visit to our website, on the user's end device (e.g. PC, smartphone, tablet). They can contain a range of information about the end device used as well as about usage behaviour and is sent back to the cookie-setting web server with the aim of recognising a returning user and their settings.

You can prevent cookies being stored by adjusting your browser settings accordingly; moreover, you can delete stored cookies using your browser. Preventing or deleting cookies may render, in some circumstances, the use of certain functions of the website impossible or inconvenient.

GDPR is the abbreviation for REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Part 2: Data processing when visiting our website

The use of our website does not require any prior registration and/or other provision of personal data. During your visit to our website, we collect and process information which you send to us through technically automated means (see section 1) and/or personal data which you send to us voluntarily, in particular via our contact form (see section 2) or when ordering the publication, "B&B_Bulletin" (section 3).

1.  Automated processing of data when using the website

IP address and log files

a)  Explanation and purpose of processing:

We automatically process the following information every time you visit our website:

  • The IP address of your computer or other end device (e. g. tablet or smartphone) and the request(s) sent by your browser
  • the volume of data transmitted, the type and version of browser used, the screen resolution and the operating system used.  


The IP address and information on the request(s) from your internet browser are necessary, for technical reasons, for you to visit and use the website; without this data being processed, webpages cannot be accessed and cannot be displayed. The processing of the IP address is anonymised by way of abbreviation or deleted once it is no longer required for technical reasons for you to access/use the website.

In addition, the above mentioned data will be processed by us for the following purposes:

  • ensuring a smooth connection to the website can be made,
  • ensuring our website can be used in a convenient manner,
  • analysis of system security and stability and
  • other administrative purposes.


Information on the volume of data transmitted, the type and version of browser used, the screen resolution and the operating system used is collected and processed in order to optimise how content is displayed, determine the system capacity and make future modifications and improvements to the website, on the basis of statistical analyses (where applicable).

b)  Legal basis:

The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest in processing the relevant data is that it makes accessing the website technically possible, optimises how the content is displayed for the user and enables the continued improvement/optimisation of the internet service in the future.

On your right to object when processing data based on Art. 6 (1) first sentence (f) GDPR see below (part 4: "Rights of the Data Subject")

Use of cookies by our server

a)  Explanation and purpose of processing:

We use cookies on our website from our web server (see above). You are made aware of this by way of a banner ("cookie notice banner") which is displayed at least the first time you visit our website. Specifically, the following cookies are set by our server when our website is accessed:

  • cookieconsent_dismissed: This cookie stores the information as to whether you have clicked on "ok" on the cookie notice banner and prevents it from appearing again when a user returns to the website at a later date. It is automatically deleted after 12 months.
  • PHPSESSIONID: This cookie is a so-called session cookie, which is required for the administration of our website.. It is immediately deleted when the user leaves the website.


b)  Legal basis:

The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest in processing the data is that it enables the use of the website and its functions.

On your right to object when processing data based on Art. 6 (1) first sentence (f) GDPR see below (part 4: "Rights of the Data Subject")


Google Maps

a)  Explanation and purpose of processing:

Our website contains interactive maps from Google Maps, a service from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). In this context, pseudonymised use profiles will be created and cookies used (see above). The information generated by the cookie regarding your use of this website such as

  • browser type/version,
  • operating system used,
  • referrer URL (the website visited previously),
  • host name of the accessing computer (IP address),
  • time of server request,


will be transmitted to one of Google's servers in the USA and stored there. Google has committed to complying with the EU-US Privacy Shield.

Google stores your data as user profiles and uses it for the purposes of advertising, market research and/or tailoring the design of its website. Analysis of this type is carried out in particular (even for users who are not logged in) in order to render tailored advertising and to inform other users about your activities on our website. The IP addresses are anonymised such that they cannot be identified (IP masking).  

You can generally prevent cookies being stored through corresponding settings in your browser software; we would, however, make you aware that in this case you may not be able to use all functions of this website and/or other websites in full.

b)  Further information on Google Maps

Further information on the purpose and extent of data collection and processing by Google can be found in their privacy policy at http://www.google.de/intl/de/policies/privacy.

You can also obtain further information on your rights with Google in this regard and settings options to protect your privacy.

2.  Contact form

a)  Explanation and purpose of processing:

You can contact us with any questions or requests via our online contact form or by email. In doing so, the personal data transmitted by you will be processed by us electronically in order to answer your question or deal with your request. If you use the online contact form, you must provide your name and a valid email address so that we know who has sent the enquiry. 

The personal data collected in this context will be deleted when its storage is no longer necessary or, to the extent legal obligation to retain records exist, its processing is limited, unless further processing is regulated by law. 

The processing of your personal data when you contact us is carried out on the basis of your consent. Naturally, your contacting us and thus also the transmission of your personal data in this context is voluntary. You can revoke your consent at any time, by contacting us via the online contact form or sending an email to dpo@boehmert.de. Revoking consent has no influence on the legitimacy of the processing carried out on the basis of the consent prior to the revocation.

b)  Legal basis

The legal basis for this processing of data is Art. 6 (1) first sentence (a) GDPR.

3.  B&B Bulletin

a)  Explanation and purpose of processing:

You have the possibility, via our website, to register to receive our regular publication, the B&B Bulletin, which is sent out up to four times per year by email. This publication contains short articles written by the attorneys of BOEHMERT & BOEHMERT covering current legal issues, developments in case law, changes in legislation or official practice and events. In order to register to receive that publication, a separate declaration of consent is required, including the provision of an email address, which is stored solely for the purpose of sending that publication to the specified address.

b)  Consent

Emails will be sent to the email address provided by you on the basis of the prior consent granted by you. The consent granted by you in the course of subscribing to the Bulletin, reads as follows:

I have taken due note of the Data Protection Policy and hereby consent to BOEHMERT & BOEHMERT regularly sending me, as described in the Data Protection Policy (part 2, section 3) the B&B Bulletin, to the email address provided by me, until such time as I revoke this consent.

The granting of the necessary consent for subscription to the B&B Bulletin is voluntary and can be revoked by way of a simple declaration at any time with effect for the future (e.g. by email to bulletin@boehmert.de). Moreover, there is a link at the end of every Bulletin which you can click to have yourself removed from the email mailing list and thus revoke your consent. Revoking consent has no influence on the legitimacy of the processing carried out on the basis of the consent prior to the revocation. It is not possible to subscribe to the publication without granting consent.

c)  Legal basis:

The legal basis for this processing of data is Art. 6 (1) first sentence (a) GDPR.

4.  Recipients of personal data

The sending of the B&B Bulletin (see above, section 3) is carried out by an external service provider, to whom the data provided in the application to subscribe to the publication is transmitted based on a controller-processor-agreement.

Part 3: The processing of personal data when working on client matters

In the following, we inform you about the type, extent and purpose of data processing by BOEHMERT & BOEHMERT in relation to the receipt of an instruction to act and the handling of a client matter as well as in relation to other activities of BOEHMERT & BOEHMERT. Information on the data controller as well as contact information for the data protection officer can be found above (part 1), on the rights of the Data Subject, below (part 4).

1.  The processing of clients' personal data

When we receive an instruction to act as attorneys, we collect and process the name, address and other contact information (e. g. email addresses, telephone and fax numbers etc.) of the requesting party as well as information related to any facts provided by them, which could also contain personal data. During the course of working on client matters, further personal data could also be stored. Generally, all data, including personal data, is collected and processed by BOEHMERT & BOEHMERT in software for attorneys into electronic client and case files.

The collection and further processing of this data is carried out for the purposes of establishing and performing the contract of engagement and to carry out pre-contractual steps at the request of the Data Subject, as well as for the purposes of billing the services provided.

The legal basis for this processing of data is Art. 6 (1), first sentence, (b) GDPR.

2.  The processing of the personal data of others

In the course of providing its services, BOEHMERT & BOEHMERT also processes personal data of third parties, e.g. those of opposing parties, representatives of opposing parties, contact persons in public authorities, courts and service providers, business contacts etc. This includes in particular contact data (names, addresses, telephone numbers and fax numbers, email addresses etc.) as well as information relating to client matters, which could also contain personal data. Some of this data is collected directly from the Data Subject, some is collected by other means, specifically for the purpose of providing legal advice and representation services to clients of BOEHMERT & BOEHMERT, including the related correspondence and documentation, for the purpose of business communications and in relation to establishing a possible working relationship in the future (e. g. recording contact details of translators, research institutes or other service providers; personal contact details in the course of prior business encounters etc.) or expected other future contacts (e. g. representatives of opposing parties, contact persons in public authorities, courts etc.).

The legal basis for this processing of data is Art. 6 (1), first sentence, (f) GDPR. The legitimate interest is in the proper and effective provision of legal advice and representation services to clients.

On your right to object when processing data based on Art. 6 (1) first sentence (f) GDPR see below (part 4: "Rights of the Data Subject")

To the extent that contractual agreements exist between the data subject and BOEHMERT & BOEHMERT and the processing of personal data occurs in the performance of those agreements, the basis for that processing is Art. 6 (1) first sentence (b) GDPR. The processing may also be necessary in order to comply with a legal obligation; the basis for processing in that case is Art. 6 (1) first sentence (c) GDPR.

3.  Recipients of personal data / transmission to third countries

1.  In the course of the administrative handling of client matters, personal data is sent to service providers who process that data for a specific purpose on behalf of BOEHMERT & BOEHMERT within the meaning of Art. 28 GDPR on the basis of a contractual agreement for third party processing as per Art. 28 (3) GDPR. Primary examples of this are IT service providers, in particular in respect of the attorney software and technical infrastructure used, and service providers for financial bookkeeping and accounting, with whom contracts for third party data processing within the meaning of Art. 28 (3) GDPR exist. All service providers engaged by BOEHMERT & BOEHMERT have signed a contractual agreement with BOEHMERT & BOEHMERT in which they undertake to maintain confidentiality where they come into or could come into contact with information covered by a confidentiality undertaking.

2.  Depending on the type of client matter, personal data may also be transferred in the course of working on the matter to third parties who are not processors. This may include, in particular, recipients in the following categories: opposing parties and representatives thereof, courts, authorities, bailiffs, correspondence attorneys and external counsels, translation providers, research providers, consulates, embassies etc.

Such a transmission to third parties will only occur if and to the extent that

  • the transmission is necessary for the performance of the contract of engagement (legal basis: Art. 6 (1) first sentence (b) GDPR) or
  • this is covered by the client's consent (legal basis: Art. 6 (1) first sentence (a) GDPR), or
  • the transmission of data is required to preserve the legitimate interests of BOEHMERT & BOEHMERT or a third party, in particular a client, and these are not overridden by the interests or fundamental rights and freedoms of the Data Subject, which require the protection of personal data (legal basis: Art. 6 (1) first sentence (f) GDPR).


3.  In connection with the work on client matters, personal data may be transmitted, depending on the individual case concerned, to third countries, namely countries outside the European Union and the European Economic Area (EEA), or international organisations (e. g. authorities, opponents and their representatives, correspondent attorneys etc.). This includes transmission to countries in relation to which the European Commission has not decided that the country ensures an adequate level of protection (Art. 45 (3) GDPR) and possibly also transfers for which no safeguards under Art. 46 GDPR are provided.

To the extent that an adequacy decision has not been adopted and/or suitable safeguards have not been provided, a transmission of that kind will only be made in exceptional cases as per Art. 49 (1) first sentence GDPR, in particular if and to the extent that

  • this is necessary for the performance of the contract of engagement between the client and BOEHMERT & BOEHMERT or to carry out precontractual steps at the request of the client,
  • this is necessary for the conclusion or performance of a contract entered into in the interests of the client by BOEHMERT & BOEHMERT with another natural or legal person,
  • this is necessary for the assertion, exercise and defence of legal claims,
  • an express consent within the meaning of Art. 49 (1). first sentence (a) GDPR, or
  • the transmission is from a register within the meaning of Art. 49 (1) first sentence (g) GDPR (e. g. the German Trade Mark and Patent Register).

4.  Duration of retention

The mandatory retention period for files by attorneys at law and patent attorneys is currently six years, commencing upon expiry of the calendar year in which the concrete case ended; moreover, the general tax and/or commercial retention periods apply. BOEHMERT & BOEHMERT will store the personal data related to clients and client matters for at least the duration of these time limits.

In addition, BOEHMERT & BOEHMERT will, in individual cases, processes, on the basis of Art. 6 (1) first sentence (f) GDPR, personal data related to clients and client matters also beyond these statutory retention periods, to the extent that this is appropriate and necessary, in particular in the case of open ended client relationships, for the ongoing maintenance, monitoring, preservation and defence of intellectual property rights and other legal interests. In this regard, in the case of open ended client relationships, the data related to individual matters will not be deleted prior to the end of the client relationship to enable information from completed matters to be taken into acount in respect of the advice on current and future matters. Moreover, processing beyond the statutory data retention periods is carried out for the purpose of identifying and preventing so-called conflicts of interest when before working on new cases as well as for providing information to clients, including in relation to concluded matters.

Contact data not related to a specific client and/or client matter, concerning, for example contact persons at service providers (e. g. research providers, translators, survey institutes etc.) is stored for as long as this is needed for the purposes described above.

On your right to object when processing data based on Art. 6 (1) first sentence (f) GDPR see below (part 4: "Rights of the Data Subject")

Part 4: Rights of the Data Subject

1.  You have the right to request confirmation from BOEHMERT & BOEHMERT on whether personal data concerning you is processed. If this is the case, you have a statutory right of access to information regarding this personal data (Art. 15 GDPR in conjunction with Sec. 34 German Federal Data Protection Act (BDSG)). A right of access does not exist, however, in the derogations stipulated in Sec. 27 (2), Sec. 28 (2), Sec. 29 (1) second sentence and Sec. 34 (1) BDSG. In particular, there is no right of access to information to the extent that the granting of access would lead to a disclosure of information which must be kept secret due to a legal provision or due to its inherent nature, in particular due to an overriding legitimate interest of a third party (Sec. 29 (1) second sentence BDSG).

2.  You also have the right to request that inaccurate personal data be rectified and where applicable - taking into account the purposes of the processing - incomplete personal data be completed, including by means of a supplementary statement (Art. 16 GDPR). Moreover, in the cases laid out in Art. 17 (1) (a) to (f) GDPR, you have a right to request that personal data be deleted, provided no exception as per Art. 17 (3) GDPR applies, as well as that the processing be restricted in the cases laid out in Art. 18 (1) GDPR. There is also a right to have data portability ensured in the cases laid out in Art. 20 (1) GDPR.

3.  You have the right to appeal to the competent supervisory authority, if you are of the opinion that the processing of your personal data violates the GDPR.

4.  The right to object to processing on the basis of legitimate interests

To the extent the processing of data is based on Art. 6 (1) (f) GDPR ("legitimate interests"), you have the right, under Art. 21 GDPR, to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you.

In the case of an objection, BOEHMERT & BOEHMERT will no longer process the personal data, unless

  • the processing serves the assertion, exercise or defence of legal claims or
  • BOEHMERT & BOEHMERT can prove necessary, legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject.


This Data Protection Policy was last updated on 25.05.2018 and may in future be modified according to changing circumstances, in particular to conform to amendments to legal requirements, the practice of public authorities or case law.

Version: 25.05.2018