(Last updated June 22, 2022)
Information on Data Protection related to our processing of Applicant Data in accordance with articles 13, 14 and 21 General Data Protection Regulation (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data controller and contact details
Data controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Straße 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all civil law notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Straße 4
40474 Düsseldorf, Germany
Email: Datenschutz-Heuking(at)he-c.de
2. Purposes of and legal basis for the processing of your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act, and other applicable data protection regulations. Details can be found below. Further details or additions to the purposes for data processing can be found in the relevant contractual documentation, in forms, or in a declaration of consent and other information provided to you.
2.1 Purposes necessary for the performance of a contract or precontractual measures (Article 6(1)(b) GDPR)
Your personal data will be processed for the purpose of processing your application in response to a specific job advertisement or as an unsolicited application, and in particular for the following purposes: examination and assessment of your suitability for the position to be filled, performance and conduct analysis within the legally permitted scope, if applicable for registration and authentication of an application via our website, where applicable for drafting an employment agreement, traceability of transactions, orders, and other agreements, as well as for quality control by means of appropriate documentation, measures for meeting the general duties of care, statistical evaluations for corporate management, travel and event management, travel bookings and travel cost invoicing, rights and credential management, cost recording and controlling, reporting, internal and external communications, invoicing and tax assessment of corporate services (such as canteen food), invoicing via company credit cards, workplace safety and health protection, communications relating to contracts (including appointments) with you, exercise or defense of legal claims in the event of legal disputes; guaranteeing of IT security (including system or plausibility tests) and general security, including building and plant safety, safeguarding and exercising of internal rules by means of appropriate measures, as well as, where applicable, by means of video surveillance for the protection of third parties and our employees, and to prevent and secure evidence in case of offenses; guarantees of integrity, prevention and investigation of criminal acts; authenticity and availability of data, monitoring by supervisory boards or supervisory bodies (e.g., auditing).
2.2 Purposes within the scope of our legitimate interests or those of third parties (Article 6(1)(f) GDPR)
Beyond the actual performance of the (preliminary) contract, we will process your data where necessary to safeguard either our justified interests or those of third parties. Your data will only be processed where there are no overriding interests on your part that are opposed to such processing, such as in particular for the following purposes: steps for further development of existing systems, processes, and services; comparisons with European and international anti-terror lists, where they exceed statutory obligations; enhancement of our data, including by using or researching of publicly accessible data where necessary; benchmarking; development of scoring systems or automated decision-making processes; building and plant security (e.g., by means of access control and video surveillance), where such exceeds the general duties of care; internal and external investigations, security investigations.
2.3 Purposes associated with your consent (Article 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., to obtain references from previous employers or using your data for future vacancies) on the basis of your consent. In general, you may revoke your consent at any time. You will be informed of the purposes and the consequences of revocation or failure to give consent in the relevant text of the consent.
In principle, revocation of consent will only be effective for the future. Any processing carried out prior to the revocation will remain unaffected and lawful.
2.4 Purposes necessary for compliance with a legal obligation (Article 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Article 6(1)(e) GDPR)
Like all actors in business life, we are also subject to a large number of statutory obligations. These are primarily statutory requirements (e.g., Works Constitution Act, Social Code, Commercial Code, and Tax Code), but also possible duties under supervisory law or other requirements set out by government authorities (such as employers’ liability insurance associations). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law, as well as the archiving of data for the purposes of data protection and data security, and for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the scope of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution, or the satisfaction of claims under civil law.
3. Data categories processed by us where we do not receive data directly from you, and their origin
Where necessary for the contractual relationship with you and the job application you have submitted, we may process data received from other bodies or from other third parties in a permissible manner. In addition, we will process personal data that we have obtained, received, or acquired in a permissible manner from publicly accessible sources (such as commercial and association registers, civil registers, press, internet, and other media) where required, and where we are allowed to process such data in accordance with the statutory provisions.
Relevant categories of personal data may include, in particular:
- address and contact details (registration data and similar data, such as email address and telephone number),
- information concerning you on the internet or on social networks,
- video data.
4. Recipients or categories of recipients of your data
Within our firm, internal departments or organizational units will receive your data required to meet our contractual and statutory obligations (such as executives and divisional managers who are looking for new employees or who participate in the hiring decision, accounting department, corporate physician, occupational safety department, etc.), or as part of handling and implementing our justified interests. Your data will be disseminated to external third parties exclusively
- under circumstances in which we are obligated or entitled to provide information, make a report, or pass on data (e.g., to tax authorities), or the passing on of data is in the public interest (cf. item 2.4 hereinabove);
- where external service providers process data on our behalf as processors or for the performance of functions (e.g., credit institutions, external data centers, travel agency/travel management, printing companies, or companies for data disposal, courier services, postal services, logistics);
- as a result of our justified interests or the justified interests of the third party for the purposes listed under item 2.2 hereinabove (e.g., to authorities, credit agencies, lawyers, courts, appraisers, affiliated companies, corporate bodies, and supervisory bodies);
- where you have given us consent for transmission of data to third parties.
We will not pass on your data to a third party without notifying you thereof separately. Where we commission service providers to perform processing on our behalf, your data will be subject to the safety standards that we have stipulated to protect your data in an appropriate manner. In other cases, the recipients may only use the data for the purposes transmitted.
5. Duration of the storage of your data
In principle, we process and store your data for the duration of your job application and where you provide us with your data to be included in our pool of applicants or the HKLW Talent Community. This also includes the initiation of a contract (precontractual legal relationship).
In addition, we are subject to various storage and documentation obligations, including under the German Commercial Code and the German Tax Code. The durations stipulated there for storage of documentation are up to ten years after the end of the contractual relationship or the precontractual legal relationship. The originals of your application documentation will be returned to you unless you have been recruited within six months. Electronic data will accordingly be erased after six months. You will be notified of details in connection with the respective procedure.
Where the data is no longer necessary to meet contractual or statutory obligations and rights, it will be erased on a regular basis, unless it is necessary to continue processing such data for a limited period to fulfill the purposes listed under item 2.2 hereinabove based on our overriding justified interests. An overriding justified interest of this kind will exist, for example, where erasure is not possible due to the particular type of storage or is only possible at disproportionately high expense. In such events, we may also store and, where necessary, use your data within a limited scope after the end of this contractual relationship for a duration agreed upon along with the purposes. In principle, in such events, instead of the data being erased, processing will be restricted. In other words, the data will be blocked against the otherwise usual use by means of corresponding measures.
6. Processing of your data in a third country or by an international organization
Data will be transmitted to parties in countries outside the European Economic Area EU/EEA (referred to as third countries) whenever necessary to meet a contractual obligation towards you (e.g., application for a position in another country) or where such is in the legitimate interests of us or a third party, or where you have consented thereto.
Your data may be processed in a third country, including in connection with the involvement of service providers within the scope of processing on behalf of a controller. Unless there is an EU Commission decision on an adequate level of data protection for the relevant country, there is a risk of access by the respective authorities without the availability of adequate legal remedies. In this context, appropriate contracts (such as EU standard contractual clauses) and additional measures may be used as a basis for the transfer. Information on the suitable or appropriate guarantees and on options to obtain a copy thereof may be requested from the Data Protection Officer.
7. Your data protection rights
Under certain circumstances, you may assert the following data protection rights against us:
Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, and the right to data portability in accordance with Article 20 GDPR. The restrictions in accordance with Sections 34 and 35 Federal Data Protection Act will apply to the right of access and the right to erasure. In addition, you have a right to complain to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 Federal Data Protection Act).
Your requests to exercise your rights should ideally be sent in writing to the address listed hereinabove or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You are only required to provide data necessary for the processing of your application or a precontractual relationship, or which we are obligated to collect by law. Without such data ,we will generally not be able to continue to perform the application and selection process. Where we request further information from you, you will be notified separately about the voluntary nature of such information.
9. Existence of automated decision-making in individual cases (including profiling)
We do not use purely automated individual decision-making procedures pursuant to Article 22 GDPR. Where we use such a procedure in individual cases in the future, however, we will notify you thereof separately if we are legally obligated to do so.
Information on your right to object in accordance with Article 21 GDPR
1. You have the right to object at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of weighing of interests) or Article 6(1)(e) GDPR (data processing in the public interest). There must, however, be grounds for your objection relating to your particular situation. This also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
Where you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims.
You may, of course, withdraw your application at any time.
2. We do not intend to use your personal data for purposes of direct marketing. Nevertheless, we are required to inform you that you have the right to object to advertising at any time. This also applies to profiling to the extent that it is connected with such direct advertising. We will respect such objection with effect for the future.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Straße 4
40474 Düsseldorf, Germany
Email: Datenschutz-Heuking(at)he-c.de
Our Privacy Notice in accordance with Articles 13, 14, and 21 GDPR may be amended from time to time. We will publish all updates on this site. Older versions will be archived for viewing.
Privacy Notice last updated: June 22, 2022
(Last updated May 30, 2018)
Information on data protection related to our processing of applicant data in accordance with articles 13, 14 and 21 general data protection Regulation (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb(at)heuking.de
2. Purpose of and legal basis for the processing of your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz), as well as other applicable data protection regulations. Details can be found below. Further details or additions to the purposes for data processing can be found in the relevant contractual documentation, in forms, or in a declaration of consent and other information provided to you.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
Processing of your personal data is performed for the handling of your application based on a specific job advertisement or an unsolicited application, and in this connection only for the following purposes: examination and assessment of your suitability for the position to be filled, performance and conduct analysis within the legally permitted scope, if applicable for registration and authentication of an application via our website, if applicable for drafting an employment agreement, traceability of transactions, orders, and other agreements, as well as for quality control by means of appropriate documentation, measures for meeting the general duties of care, statistical evaluations for corporate management, travel and event management, travel bookings and travel cost invoicing, rights and credential management, cost recording, and controlling, reporting, internal and external communications, invoicing and tax evaluation of operational services (e.g., canteen food), invoicing via company credit cards, workplace security and health protection, communications relating to contracts (including appointments) with you, assertion of legal claims and defense in case of legal disputes; guaranteeing of IT security (including system or plausibility tests) and general security, including building and plant safety, securing and safeguarding of internal rules by means of corresponding measures, as well as, if applicable, by means of video surveillance for the protection of third parties and our employees, and to prevent and secure evidence in case of offenses; guarantees of integrity, prevention and solving of criminal acts; authenticity and availability of data, monitoring by supervisory boards or supervisory bodies (e.g., auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfillment of the (preliminary) contract, we will process your data if necessary to safeguard either our justified interests or those of third parties. Processing of your data will only take place if and insofar as no predominant interests on your part are opposed to such processing, for the following purposes in particular: measures for further processing of existing systems, processes and services; comparisons with European and international anti-terror lists, if they exceed the legal obligations; enhancement of our data, including through the use or researching of publicly accessible data if necessary; benchmarking; development of scoring systems or automated decision-making processes; building and plant security (e.g., by means of access control and video surveillance), if this exceeds the general duties of care; internal and external investigations, security investigations.
2.3 Purposes associated with your consent (Art. 6(1)(a) GDPR)
Processing of your personal data may also take place for certain purposes (e.g., to obtain references from previous employers or use of your data for future vacancies) on the basis of your consent. In general, you may revoke your consent at any time. You will be informed of the purposes and the consequences of revocation or failure to give consent in the corresponding text of the consent.
In principle, revocation of consent only affects the future. Any processing carried out prior to the revocation remains unaffected and legal.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., Works Constitution Act, Social Code, Commercial Code, and Tax Code), but also if applicable supervisory law or other requirements set out by government authorities (such as employers’ liability insurance associations). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security, as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The data categories that we process if we do not receive data directly from you, and their origin
Where necessary for the contractual relationship with you and the application you have submitted, we process any data received from other bodies or from other third parties in a permissible manner. In addition, we process personal data that we have obtained, received, or acquired in a permissible way from publicly accessible sources (such as commercial and association registers, civil registers, press, internet, and other media), where required and where we are allowed to process such data in accordance with the statutory provisions.
Relevant categories of personal data may be in particular:
- address and contact data (registration data and similar data, such as email address and telephone number),
- information concerning you in the internet or on social networks,
- video data.
4. Recipients or categories of recipients of your data
Within our firm, internal departments or organizational units will receive your data required to meet our contractual and statutory obligations (such as executives and divisional managers who are looking for new employees or who participate in the decision on hiring, accounting department, corporate physician, occupational safety department, etc.), or as part of handling and implementing our justified interests. Dissemination of your data to external third parties takes place exclusively
- under circumstances in which we are obligated or entitled to provide information, make a report, or pass on data (e.g., to financial authorities) or the passing on of data is in the public interest (cf. item 2.4);
- insofar as external service providers process data on our behalf as processors or for the performance of functions (e.g., banks, external computer centers, travel agency/travel management, printing companies, or companies for data disposal, courier services, mail, logistics);
- as a result of our justified interests or the justified interests of the third party for the purposes stated under item 2.2 (e.g., to authorities, credit agencies, lawyers, courts, appraisers, affiliated companies, corporate bodies and supervisory bodies);
- if you have given us consent for transmission to third parties.
We will likewise not pass on your data to a third party without notifying you thereof separately. If we commission service providers to perform processing, your data will be subject to the security standards that we have stipulated in order to protect your data in an appropriate manner. In the aforementioned cases, the employees may only use the data for the purposes for which they were transmitted.
5. Duration of the storage of your data
In principle, we process and store your data for the duration of your application, as well as if you provide us with your data for incorporation into our pool of applicants or the HKLW Talent Community. This also includes the initiation of a contract (precontractual legal relationship).
In addition, we are subject to various storage and documentation obligations, arising among other things from the German Commercial Code and the German Tax Code. The durations prescribed there for storage of documentation are up to ten years after the end of the contractual relationship or the precontractual legal relationship. The original of your application documentation will be returned to you if you have not been recruited after six months. Electronic data will accordingly be erased after six months. You will be notified of details in connection with the process in question.
If the data are no longer necessary for the fulfillment of contractual or legal obligations and rights, they will be erased on a regular basis, unless it is necessary to continue processing them for a limited period in order to fulfill the purposes listed under item 2.2 based on our overriding justified interests. An overriding justified interest of this kind will exist, for example, if erasure is not possible due to the particular type of storage or is only possible at disproportionately high expense. In these cases, we may also store and if necessary use your data within a limited scope after the end of this contractual relationship for a duration agreed upon along with the purposes. In principle, in these cases, instead of the data being erased, processing will be restricted. In other words, the data will be blocked against the otherwise usual use by means of corresponding measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to parties in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., application for a position in another country) or where such is in the legitimate interests of us or a third party, or if you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of contract processing. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guarantied in accordance with EU data protection requirements through contractual agreements to this effect. Information on the suitable or appropriate guarantees and about how and where you can obtain a copy of these may be requested from the operational data protection officer or the human resources department responsible for you.
7. Your data protection rights
Under certain circumstances, you may assert the following data protection rights against us:
Each data subject has the right of access in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restrict processing in accordance with Art. 18 GDPR, as well as the right to data portability under Art. 20 GDPR. The restrictions in accordance with Sections 34 and 35 Federal Data Protection Act) will apply to the right of access and the right to erasure. In addition, you have a right to complain to a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 Federal Data Protection Act).
Your requests to exercise your rights should ideally be sent in writing to the address listed above or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You are only required to provide data that are necessary for the processing of your application or a pre-contractual relationship, or that we are obligated to collect by law. Without such data we will generally not be able to continue to perform the application and selection process. If we request further information from you, you will be notified separately that the information is voluntary.
9. Existence of automated decision-making in individual cases (including profiling)
We do not use any purely automated decision-making procedures pursuant to Article 22 GDPR. If we do, however, use a procedure of this kind in the future in individual cases, we will notify you separately thereof if we are legally obligated to do so.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
You may, of course, withdraw your application at any time.
2. We do not intend to use your personal data for purposes of direct marketing. Nevertheless, we are required to inform you that you have the right to file an objection to advertising at any time. This also applies to profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb(at)heuking.de
Our information on data protection in accordance with Articles 13, 14, and 21 GDPR may change from time to time. We will publish all changes on this site. We will archive older versions for viewing.
Data protection information last updated: May 30, 2018
June 22, 2022
(Last updated June 22, 2022)
Information on Data Protection related to our processing of Applicant Data in accordance with articles 13, 14 and 21 General Data Protection Regulation (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data controller and contact details
Data controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Straße 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all civil law notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Straße 4
40474 Düsseldorf, Germany
Email: Datenschutz-Heuking(at)he-c.de
2. Purposes of and legal basis for the processing of your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act, and other applicable data protection regulations. Details can be found below. Further details or additions to the purposes for data processing can be found in the relevant contractual documentation, in forms, or in a declaration of consent and other information provided to you.
2.1 Purposes necessary for the performance of a contract or precontractual measures (Article 6(1)(b) GDPR)
Your personal data will be processed for the purpose of processing your application in response to a specific job advertisement or as an unsolicited application, and in particular for the following purposes: examination and assessment of your suitability for the position to be filled, performance and conduct analysis within the legally permitted scope, if applicable for registration and authentication of an application via our website, where applicable for drafting an employment agreement, traceability of transactions, orders, and other agreements, as well as for quality control by means of appropriate documentation, measures for meeting the general duties of care, statistical evaluations for corporate management, travel and event management, travel bookings and travel cost invoicing, rights and credential management, cost recording and controlling, reporting, internal and external communications, invoicing and tax assessment of corporate services (such as canteen food), invoicing via company credit cards, workplace safety and health protection, communications relating to contracts (including appointments) with you, exercise or defense of legal claims in the event of legal disputes; guaranteeing of IT security (including system or plausibility tests) and general security, including building and plant safety, safeguarding and exercising of internal rules by means of appropriate measures, as well as, where applicable, by means of video surveillance for the protection of third parties and our employees, and to prevent and secure evidence in case of offenses; guarantees of integrity, prevention and investigation of criminal acts; authenticity and availability of data, monitoring by supervisory boards or supervisory bodies (e.g., auditing).
2.2 Purposes within the scope of our legitimate interests or those of third parties (Article 6(1)(f) GDPR)
Beyond the actual performance of the (preliminary) contract, we will process your data where necessary to safeguard either our justified interests or those of third parties. Your data will only be processed where there are no overriding interests on your part that are opposed to such processing, such as in particular for the following purposes: steps for further development of existing systems, processes, and services; comparisons with European and international anti-terror lists, where they exceed statutory obligations; enhancement of our data, including by using or researching of publicly accessible data where necessary; benchmarking; development of scoring systems or automated decision-making processes; building and plant security (e.g., by means of access control and video surveillance), where such exceeds the general duties of care; internal and external investigations, security investigations.
2.3 Purposes associated with your consent (Article 6(1)(a) GDPR)
Your personal data may also be processed for certain purposes (e.g., to obtain references from previous employers or using your data for future vacancies) on the basis of your consent. In general, you may revoke your consent at any time. You will be informed of the purposes and the consequences of revocation or failure to give consent in the relevant text of the consent.
In principle, revocation of consent will only be effective for the future. Any processing carried out prior to the revocation will remain unaffected and lawful.
2.4 Purposes necessary for compliance with a legal obligation (Article 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Article 6(1)(e) GDPR)
Like all actors in business life, we are also subject to a large number of statutory obligations. These are primarily statutory requirements (e.g., Works Constitution Act, Social Code, Commercial Code, and Tax Code), but also possible duties under supervisory law or other requirements set out by government authorities (such as employers’ liability insurance associations). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law, as well as the archiving of data for the purposes of data protection and data security, and for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the scope of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution, or the satisfaction of claims under civil law.
3. Data categories processed by us where we do not receive data directly from you, and their origin
Where necessary for the contractual relationship with you and the job application you have submitted, we may process data received from other bodies or from other third parties in a permissible manner. In addition, we will process personal data that we have obtained, received, or acquired in a permissible manner from publicly accessible sources (such as commercial and association registers, civil registers, press, internet, and other media) where required, and where we are allowed to process such data in accordance with the statutory provisions.
Relevant categories of personal data may include, in particular:
- address and contact details (registration data and similar data, such as email address and telephone number),
- information concerning you on the internet or on social networks,
- video data.
4. Recipients or categories of recipients of your data
Within our firm, internal departments or organizational units will receive your data required to meet our contractual and statutory obligations (such as executives and divisional managers who are looking for new employees or who participate in the hiring decision, accounting department, corporate physician, occupational safety department, etc.), or as part of handling and implementing our justified interests. Your data will be disseminated to external third parties exclusively
- under circumstances in which we are obligated or entitled to provide information, make a report, or pass on data (e.g., to tax authorities), or the passing on of data is in the public interest (cf. item 2.4 hereinabove);
- where external service providers process data on our behalf as processors or for the performance of functions (e.g., credit institutions, external data centers, travel agency/travel management, printing companies, or companies for data disposal, courier services, postal services, logistics);
- as a result of our justified interests or the justified interests of the third party for the purposes listed under item 2.2 hereinabove (e.g., to authorities, credit agencies, lawyers, courts, appraisers, affiliated companies, corporate bodies, and supervisory bodies);
- where you have given us consent for transmission of data to third parties.
We will not pass on your data to a third party without notifying you thereof separately. Where we commission service providers to perform processing on our behalf, your data will be subject to the safety standards that we have stipulated to protect your data in an appropriate manner. In other cases, the recipients may only use the data for the purposes transmitted.
5. Duration of the storage of your data
In principle, we process and store your data for the duration of your job application and where you provide us with your data to be included in our pool of applicants or the HKLW Talent Community. This also includes the initiation of a contract (precontractual legal relationship).
In addition, we are subject to various storage and documentation obligations, including under the German Commercial Code and the German Tax Code. The durations stipulated there for storage of documentation are up to ten years after the end of the contractual relationship or the precontractual legal relationship. The originals of your application documentation will be returned to you unless you have been recruited within six months. Electronic data will accordingly be erased after six months. You will be notified of details in connection with the respective procedure.
Where the data is no longer necessary to meet contractual or statutory obligations and rights, it will be erased on a regular basis, unless it is necessary to continue processing such data for a limited period to fulfill the purposes listed under item 2.2 hereinabove based on our overriding justified interests. An overriding justified interest of this kind will exist, for example, where erasure is not possible due to the particular type of storage or is only possible at disproportionately high expense. In such events, we may also store and, where necessary, use your data within a limited scope after the end of this contractual relationship for a duration agreed upon along with the purposes. In principle, in such events, instead of the data being erased, processing will be restricted. In other words, the data will be blocked against the otherwise usual use by means of corresponding measures.
6. Processing of your data in a third country or by an international organization
Data will be transmitted to parties in countries outside the European Economic Area EU/EEA (referred to as third countries) whenever necessary to meet a contractual obligation towards you (e.g., application for a position in another country) or where such is in the legitimate interests of us or a third party, or where you have consented thereto.
Your data may be processed in a third country, including in connection with the involvement of service providers within the scope of processing on behalf of a controller. Unless there is an EU Commission decision on an adequate level of data protection for the relevant country, there is a risk of access by the respective authorities without the availability of adequate legal remedies. In this context, appropriate contracts (such as EU standard contractual clauses) and additional measures may be used as a basis for the transfer. Information on the suitable or appropriate guarantees and on options to obtain a copy thereof may be requested from the Data Protection Officer.
7. Your data protection rights
Under certain circumstances, you may assert the following data protection rights against us:
Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, and the right to data portability in accordance with Article 20 GDPR. The restrictions in accordance with Sections 34 and 35 Federal Data Protection Act will apply to the right of access and the right to erasure. In addition, you have a right to complain to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 Federal Data Protection Act).
Your requests to exercise your rights should ideally be sent in writing to the address listed hereinabove or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You are only required to provide data necessary for the processing of your application or a precontractual relationship, or which we are obligated to collect by law. Without such data ,we will generally not be able to continue to perform the application and selection process. Where we request further information from you, you will be notified separately about the voluntary nature of such information.
9. Existence of automated decision-making in individual cases (including profiling)
We do not use purely automated individual decision-making procedures pursuant to Article 22 GDPR. Where we use such a procedure in individual cases in the future, however, we will notify you thereof separately if we are legally obligated to do so.
Information on your right to object in accordance with Article 21 GDPR
1. You have the right to object at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of weighing of interests) or Article 6(1)(e) GDPR (data processing in the public interest). There must, however, be grounds for your objection relating to your particular situation. This also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
Where you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims.
You may, of course, withdraw your application at any time.
2. We do not intend to use your personal data for purposes of direct marketing. Nevertheless, we are required to inform you that you have the right to object to advertising at any time. This also applies to profiling to the extent that it is connected with such direct advertising. We will respect such objection with effect for the future.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Straße 4
40474 Düsseldorf, Germany
Email: Datenschutz-Heuking(at)he-c.de
Our Privacy Notice in accordance with Articles 13, 14, and 21 GDPR may be amended from time to time. We will publish all updates on this site. Older versions will be archived for viewing.
Privacy Notice last updated: June 22, 2022
May 30, 2018
(Last updated May 30, 2018)
Information on data protection related to our processing of applicant data in accordance with articles 13, 14 and 21 general data protection Regulation (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations.
1. Data Controller and contact details
Data controller:
Heuking Kühn Lüer Wojtek PartGmbB
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Contact details of our Data Protection Officer (also Data Protection Officer of all notaries working in the law firm):
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb(at)heuking.de
2. Purpose of and legal basis for the processing of your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz), as well as other applicable data protection regulations. Details can be found below. Further details or additions to the purposes for data processing can be found in the relevant contractual documentation, in forms, or in a declaration of consent and other information provided to you.
2.1 Purposes necessary for performance of a contract or precontractual measures (Art. 6(1)(b) GDPR)
Processing of your personal data is performed for the handling of your application based on a specific job advertisement or an unsolicited application, and in this connection only for the following purposes: examination and assessment of your suitability for the position to be filled, performance and conduct analysis within the legally permitted scope, if applicable for registration and authentication of an application via our website, if applicable for drafting an employment agreement, traceability of transactions, orders, and other agreements, as well as for quality control by means of appropriate documentation, measures for meeting the general duties of care, statistical evaluations for corporate management, travel and event management, travel bookings and travel cost invoicing, rights and credential management, cost recording, and controlling, reporting, internal and external communications, invoicing and tax evaluation of operational services (e.g., canteen food), invoicing via company credit cards, workplace security and health protection, communications relating to contracts (including appointments) with you, assertion of legal claims and defense in case of legal disputes; guaranteeing of IT security (including system or plausibility tests) and general security, including building and plant safety, securing and safeguarding of internal rules by means of corresponding measures, as well as, if applicable, by means of video surveillance for the protection of third parties and our employees, and to prevent and secure evidence in case of offenses; guarantees of integrity, prevention and solving of criminal acts; authenticity and availability of data, monitoring by supervisory boards or supervisory bodies (e.g., auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6(1)(f) GDPR)
Beyond the actual fulfillment of the (preliminary) contract, we will process your data if necessary to safeguard either our justified interests or those of third parties. Processing of your data will only take place if and insofar as no predominant interests on your part are opposed to such processing, for the following purposes in particular: measures for further processing of existing systems, processes and services; comparisons with European and international anti-terror lists, if they exceed the legal obligations; enhancement of our data, including through the use or researching of publicly accessible data if necessary; benchmarking; development of scoring systems or automated decision-making processes; building and plant security (e.g., by means of access control and video surveillance), if this exceeds the general duties of care; internal and external investigations, security investigations.
2.3 Purposes associated with your consent (Art. 6(1)(a) GDPR)
Processing of your personal data may also take place for certain purposes (e.g., to obtain references from previous employers or use of your data for future vacancies) on the basis of your consent. In general, you may revoke your consent at any time. You will be informed of the purposes and the consequences of revocation or failure to give consent in the corresponding text of the consent.
In principle, revocation of consent only affects the future. Any processing carried out prior to the revocation remains unaffected and legal.
2.4 Purposes necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR) or for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
Like all players in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g., Works Constitution Act, Social Code, Commercial Code, and Tax Code), but also if applicable supervisory law or other requirements set out by government authorities (such as employers’ liability insurance associations). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g., comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security, as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
3. The data categories that we process if we do not receive data directly from you, and their origin
Where necessary for the contractual relationship with you and the application you have submitted, we process any data received from other bodies or from other third parties in a permissible manner. In addition, we process personal data that we have obtained, received, or acquired in a permissible way from publicly accessible sources (such as commercial and association registers, civil registers, press, internet, and other media), where required and where we are allowed to process such data in accordance with the statutory provisions.
Relevant categories of personal data may be in particular:
- address and contact data (registration data and similar data, such as email address and telephone number),
- information concerning you in the internet or on social networks,
- video data.
4. Recipients or categories of recipients of your data
Within our firm, internal departments or organizational units will receive your data required to meet our contractual and statutory obligations (such as executives and divisional managers who are looking for new employees or who participate in the decision on hiring, accounting department, corporate physician, occupational safety department, etc.), or as part of handling and implementing our justified interests. Dissemination of your data to external third parties takes place exclusively
- under circumstances in which we are obligated or entitled to provide information, make a report, or pass on data (e.g., to financial authorities) or the passing on of data is in the public interest (cf. item 2.4);
- insofar as external service providers process data on our behalf as processors or for the performance of functions (e.g., banks, external computer centers, travel agency/travel management, printing companies, or companies for data disposal, courier services, mail, logistics);
- as a result of our justified interests or the justified interests of the third party for the purposes stated under item 2.2 (e.g., to authorities, credit agencies, lawyers, courts, appraisers, affiliated companies, corporate bodies and supervisory bodies);
- if you have given us consent for transmission to third parties.
We will likewise not pass on your data to a third party without notifying you thereof separately. If we commission service providers to perform processing, your data will be subject to the security standards that we have stipulated in order to protect your data in an appropriate manner. In the aforementioned cases, the employees may only use the data for the purposes for which they were transmitted.
5. Duration of the storage of your data
In principle, we process and store your data for the duration of your application, as well as if you provide us with your data for incorporation into our pool of applicants or the HKLW Talent Community. This also includes the initiation of a contract (precontractual legal relationship).
In addition, we are subject to various storage and documentation obligations, arising among other things from the German Commercial Code and the German Tax Code. The durations prescribed there for storage of documentation are up to ten years after the end of the contractual relationship or the precontractual legal relationship. The original of your application documentation will be returned to you if you have not been recruited after six months. Electronic data will accordingly be erased after six months. You will be notified of details in connection with the process in question.
If the data are no longer necessary for the fulfillment of contractual or legal obligations and rights, they will be erased on a regular basis, unless it is necessary to continue processing them for a limited period in order to fulfill the purposes listed under item 2.2 based on our overriding justified interests. An overriding justified interest of this kind will exist, for example, if erasure is not possible due to the particular type of storage or is only possible at disproportionately high expense. In these cases, we may also store and if necessary use your data within a limited scope after the end of this contractual relationship for a duration agreed upon along with the purposes. In principle, in these cases, instead of the data being erased, processing will be restricted. In other words, the data will be blocked against the otherwise usual use by means of corresponding measures.
6. Processing of your data in a third country or through an international organization
Data are transmitted to parties in countries outside the European Economic Area EU/EEA (third countries) whenever such is necessary to meet a contractual obligation towards you (e.g., application for a position in another country) or where such is in the legitimate interests of us or a third party, or if you have issued us with your consent to such.
At the same time, your data may be processed in a third country, including in connection with the involvement of service providers within the framework of contract processing. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guarantied in accordance with EU data protection requirements through contractual agreements to this effect. Information on the suitable or appropriate guarantees and about how and where you can obtain a copy of these may be requested from the operational data protection officer or the human resources department responsible for you.
7. Your data protection rights
Under certain circumstances, you may assert the following data protection rights against us:
Each data subject has the right of access in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restrict processing in accordance with Art. 18 GDPR, as well as the right to data portability under Art. 20 GDPR. The restrictions in accordance with Sections 34 and 35 Federal Data Protection Act) will apply to the right of access and the right to erasure. In addition, you have a right to complain to a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 Federal Data Protection Act).
Your requests to exercise your rights should ideally be sent in writing to the address listed above or directly to our Data Protection Officer.
8. Scope of your obligation to provide us with your data
You are only required to provide data that are necessary for the processing of your application or a pre-contractual relationship, or that we are obligated to collect by law. Without such data we will generally not be able to continue to perform the application and selection process. If we request further information from you, you will be notified separately that the information is voluntary.
9. Existence of automated decision-making in individual cases (including profiling)
We do not use any purely automated decision-making procedures pursuant to Article 22 GDPR. If we do, however, use a procedure of this kind in the future in individual cases, we will notify you separately thereof if we are legally obligated to do so.
Information on your right of objection under Art. 21 GDPR
1. You have the right to file an objection at any time against processing of your data carried out on the basis of Art. 6(1)(f) GDPR (data processing on the basis of a weighing-up of interests) or Art. Art. 6(1)(e) GDPR (data processing in the public interest). The precondition for this is, however, that there are grounds for your objection emanating from your special personal situation. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
You may, of course, withdraw your application at any time.
2. We do not intend to use your personal data for purposes of direct marketing. Nevertheless, we are required to inform you that you have the right to file an objection to advertising at any time. This also applies to profiling to the extent that it is connected with such direct advertising. We will respect this objection with effect for the future.
The objection may be filed without adhering to any formal requirements and should be sent to
Heuking Kühn Lüer Wojtek PartGmbB
Data Protection Officer Mr. Harald Eul
(HEC Harald Eul Consulting GmbH)
Georg-Glock-Strasse 4
D-40474 Düsseldorf, Germany
Email: dsb(at)heuking.de
Our information on data protection in accordance with Articles 13, 14, and 21 GDPR may change from time to time. We will publish all changes on this site. We will archive older versions for viewing.
Data protection information last updated: May 30, 2018