Data protection information for our clients (M/F/D)

Our handling of your data and your rights

Information in accordance with Art. 13, 14, 21 of the General Data Protection Regulation (GDPR)

The following information provides you as a client (m/f/d) with an overview of the processing of your personal data by us and your rights.

If you as our client are not a natural person, please forward this information to the persons whose personal data we process because they are our contact persons or are mentioned on documents such as invoices and deeds.

1) Who is responsible for data processing and who can I contact?

The responsible body is the

Notary Dr. Benjamin Schmitz
Posthof 6
53783 Eitorf
02243/88050
info@notar-eitorf.de

Our Data Protection Officer You can reach us at:

GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Mr. Dipl.-Inform. Olaf Tenti
Körnerstr. 45, 58095 Hagen
Phone: +49 (0) 2331/356832-0
E-Mail: datenschutz@gdi-mbh.eu

2) What sources and data do we use?

We process data that you transmit to us or that we have received from third parties, e.g. from lawyers, brokers or credit institutions commissioned by you, as part of the respective official act or with your permission. Furthermore, we also collect personal data from publicly accessible sources, e.g: Property data from the land registry, register data from the commercial register.

We also collect data from other sources, e.g. creditors. However, this is only done at your prior request and to process your specific request or to fulfill legal obligations or sovereign activities.

In particular, the following personal data and categories of data are processed for the purposes mentioned in section 3:

  • Personal data (e.g.: Title, first name, surname, address, telephone number, e-mail address, nationality, registration numbers, marital status)
  • Data on persons you represent (e.g.: Title, first name, surname, address, date of birth, place of birth, family relationship, nationality, marital status, registration numbers)
  • Contents of declarations to be notarized
  • Data on financial circumstances (e.g.: Property ownership, other rights to real estate, business interests, income, insurance, etc.).
  • Data in connection with contracts (e.g.: for property purchase contracts, your tax identification number, if necessary information about your family situation or your financial situation or other sensitive data such as health data)
  • Payment information such as bank details or data for internet-based payment services
  • Legal relationships with third parties (e.g. file numbers, account or credit numbers, contracts)

We may also process special categories of personal data within the meaning of Art. 9 (1) GDPR on a case-by-case basis.

3) What do we process your data for (purpose of processing) and on what legal basis?

In the following, we will inform you what we process your data for and on what legal basis.

3.1) IN THE FRAMEWORK OF PERFORMING A TASK ASSIGNED TO US THAT IS IN THE PUBLIC INTEREST OR IN THE EXERCISE OF PUBLIC DUTY (ART. 6(1)(E) GDPR)

The processing of personal data is carried out for the performance of notarial activities in accordance with the official duties, in particular for the preparation of draft deeds, for the performance of consultations and for notarization, for the execution of deed transactions and for the preparation of fee invoices; the processing of personal data is necessary for the performance of consultations.

3.2) Due to legal requirements (Art. 6 para. 1 lit. c GDPR)

We are subject to various legal obligations to carry out certain data processing (e.g.: the professional and procedural provisions applicable to notaries under the Federal Notarial Code and the Notarization Act).

3.3) IN THE FRAMEWORK OF INTEREST ASSESSMENT (Art. 6 para. 1 lit. F GDPR)

We may also use your data on the basis of a balancing of interests to protect our legitimate interests or those of third parties. This can be done in particular for the following purposes:

  • Supporting our employees in client care
  • Assertion of legal claims and defense in legal disputes
  • Prevention and investigation of criminal offenses
  • Ensuring IT security and IT operations

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient fulfillment of tasks, avoidance of legal risks). Where permitted by the specific purpose, we process your data in pseudonymized or anonymized form.

3.4) On the basis of your consent (Art. 6(1)(a) GDPR)

If you have given us your consent to process personal data, the respective consent is the legal basis for the processing mentioned there. Consent can be withdrawn at any time. This also applies to the revocation of declarations of consent given before the GDPR came into force, i.e. before May 25, 2018. The revocation is only effective for the future. Processing that took place before the withdrawal is not affected. A revocation can be sent to the office named under point 1.

4) Who receives my data?

Your data will only be passed on if a legal basis permits this. The data referred to in section 2 will be transmitted to public bodies if there is a legal obligation to do so or if you have given your consent to this transmission. Such public bodies may include, in particular, other notaries, the tax authorities, the registry courts, the land registry, the Central Register of Wills, the Central Register of Lasting Powers of Attorney and the Chamber of Notaries.

Data will only be transferred to private third parties to fulfill your specific request and only at your request.

Within our company, only those departments receive your data that need it to fulfill our contractual and legal obligations or to fulfill their respective tasks.

Furthermore, personal data may be passed on to IT service providers or similar for the purpose of order processing. This is necessary for the fulfillment of contractual obligations (see section 3). In addition, processors employed by us (Art. 28 GDPR), in particular in the area of IT services, notary software providers, web hosts and NotarNet GmbH, may process your data for us in accordance with our instructions.

5) How long will the data be stored?

For notarial deeds and other documentation from notarial matters, the retention periods from the Service Regulations for Notaries (DONot) and in accordance with § 50 Para. 1 of the Ordinance on the Keeping of Notarial Files and Directories (NotAktVV) apply, namely:

  • 100 years for the register of deeds, electronic collection of deeds, collection of inheritance contracts and special collection,
  • 30 years for paper-based document collection, custody register and general files,
  • 7 years for collective files for bill of exchange and cheque protests and ancillary files, whereby the notary may stipulate a longer retention period in writing at the latest when the content is last processed, e.g. in the case of dispositions upon death or in the event of a risk of recourse; the stipulation may also be made in general for individual types of legal transactions.

Furthermore, we are subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also determined by the statutory limitation periods, which are generally three years in accordance with Sections 195 et seq. of the German Civil Code (BGB), for example. This applies to contractual and other data relating to the legal relationship between you and us.

6) Is data transferred to a third country?

Your data will only be transferred to countries outside the European Economic Area - EEA (third countries) if and insofar as this is necessary for the execution of the contractual relationship or required by law (e.g. accounting, administration) or if you have given us your consent.

If we use software from providers based in third countries or software from providers with subcontractors / service providers in third countries to carry out notarial activities, your data or parts of your data may be transferred to third countries (e.g. to the USA), depending on the purpose of processing.

An adequacy decision within the meaning of Art. 45 para. 3 GDPR exists for the USA. As a result, personal data can now be transferred from the EU to companies and organizations in the USA that have certified themselves for the EU-U.S. Data Privacy Framework without the need for further protective measures. This adequacy decision thus serves as the basis for the transfer of data to the service providers we use in the USA.

If there is no adequacy decision within the meaning of Art. 45 para. 3 GDPR or the company or organization in the USA has not certified itself for the EU-U.S. Data Privacy Framework, we conclude standard data protection clauses issued by the EU Commission within the meaning of Art. 46 para. 2 lit. c GDPR with the respective service providers/providers to protect your data. Furthermore, some of our service providers have implemented binding corporate rules (BCR) within the meaning of Art. 47 GDPR for their group of companies or the same group of companies, which have been approved by the respective competent supervisory authority.

7) What other data protection rights do I have?

You have the right to information (Art. 15 GDPR, § 34 Federal Data Protection Act - BDSG), to rectification (Art. 16 GDPR), to erasure (Art. 17 GDPR, § 35 BDSG), to restriction of processing (Art. 18 GDPR), to object (Art. 21 GDPR) and to data portability (Art. 20 GDPR) under the respective legal requirements.

The above rights only apply insofar as they are not opposed by the notarial confidentiality obligation pursuant to § 18 BNotO (see § 29 para. 1 sentence 2 BDSG).

You also have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR, Section 19 BDSG).

8) To what extent is there automated decision-making in individual cases?

We do not use automated decision-making in accordance with Art. 22 GDPR to carry out notarial activities. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

9) To what extent will my data be used for profiling?

We do not process your data with the aim of evaluating certain personal aspects (so-called "profiling").

10) Do I have an obligation to provide data?

You are not legally obliged to provide us with personal data. However, if you do not provide us with the data necessary for the execution of the official transaction and the requested notarial activity, as well as the data that we must collect and process for legal reasons during and after this activity, we will generally have to refuse to carry out the official transaction.

11) What rights of objection do I have? (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

The objection can be made informally and should preferably be addressed to the contact options listed under point 1.

Status: September 25, 2024