Privacy Notice

1. General Principles

This Privacy Notice explains how Lieff Cabraser Heimann & Bernstein, LLP (hereinafter “Lieff Cabraser”) collects, uses and discloses personal information through its website and social media platforms, in providing legal services to our clients and in dealing with our service providers.

Lieff Cabraser is committed to protecting your privacy and would like you to understand how we collect, use and disclose your personal information.

Personal data pursuant to Art. 4 No. 1 EU General Data Protection Regulation (hereinafter “GDPR”) means any information about personal or factual circumstances of a specific or identifiable natural person, such as name and date of birth.

The use of our website is usually possible without providing personal data. However, in order to provide our services, we may need your personal data (e.g. name, address, or email address). This applies, for example, to the distribution of information material, responding to individual inquiries and the performance of our other tasks. As far as possible, data is always collected on a voluntary basis. The data collected will not be transferred to third parties without your express consent. The employees of Lieff Cabraser are obliged to maintain confidentiality.

If you send us inquiries, applications or other information, we only collect and store your personal data insofar as it is necessary for the execution of the respective process or task and for the performance of services. For this purpose, it may be necessary in individual cases to transfer your personal data to companies or third parties that we use to process the task or service. You can find out more in the following specifications. If we carry out any of the described or other actions and collect, save or pass on your personal data, we will ask you for your express consent at the corresponding moment on our website.

Any personal data will only be transferred to service providers who work on our behalf. These service providers have previously been obliged to comply with data protection regulations. There is no other transfer of personal data to third parties.

After completion of any task, process or contract, your data will be made inaccessible and deleted after the relevant tax and commercial retention periods or if there are no other national or EU regulations, laws and other regulations, unless you have expressly consented to a further use of the data.

2. Contact Details of the Data Controller

The controller within the meaning of Art. 4 No. 7 GDPR is:
Lieff Cabraser Heimann & Bernstein, LLP
Frauenplatz 2
80331 Munich
Germany
Phone: +49.89.2555.2360
Fax: +49.89.2555.2359

3. Contact Details of the Person Responsible for Data Protection

You can reach the person responsible for data protection at the following contact details:

Email: contact.munich@lchb.com
Address: Frauenplatz 2, 80331 Munich, Germany
Phone: +49.89.2555.2360
Fax: +49.89.2555.2359

4. Personal Data We Collect

We collect your personal data and other information that you provide to us by

  • contacting us for information:
    We will ask for your name, job title, employer, address, phone number and email address. Depending on the nature of your inquiry, we may request additional information.
  • applying for a position with us through the career section of our website:
    We will ask for your name, phone number, email address, postal address, information on your CV and other information needed for our recruitment process.
  • visiting our website:
    Your search requests, IP address and the entire URL clickstream through our website will be automatically recorded. We also use cookies (please see section 11, below).
    This data will not be shared to other companies or individuals, other than following an order from a governmental or regulatory body.

5. Purpose of Data Collection

This section of our Privacy Notice explains how we use the personal information that we collect about you. If we use your personal information for a new purpose, we will update this Privacy Notice and bring these changes to your attention.

We use personal data that we collect about you in order to

  • provide you with legal and other services;
  • respond to your inquiry or an application you make for a position with us;
  • provide website content that is relevant and better design our website by using patterns;
  • protect our information technology systems and data against fraud, unauthorized use and other illegal activities;
  • receive and operate services from our service providers;
  • comply with our legal and regulatory obligations (e.g., ‘know your customer’ rules) and respond to legal requests for information from a governmental or regulatory body;
  • assert our contractual and other rights.

6. Legal Basis For Processing

Art. 6 para. 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. Processing personal data necessary for the performance of a contract to which the data subject is a party is based on Art. 6 para. 1 lit. b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures. Processing of personal data necessary to fulfill a legal obligation to which Lieff Cabraser is subject is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person, Art. 6 para. 1 lit. d GDPR. Finally, processing operations could be based on Art. 6 para. 1 lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by Lieff Cabraser or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

7. Where We Store and How We Protect Your Personal Data

Your personal data is securely stored on our servers in Munich, Germany, behind GDPR-compliant encryption. We take all necessary protective measures of a technical and physical nature in order to comply with applicable legal requirements and safeguard the data that we collect. In particular, this includes strict physical security policies, web and email content inspection, anti-virus protection against malware, intrusion detection and prevention, and continuous and comprehensive endpoint visibility including application control software. Furthermore, we encrypt all firm-managed laptops and support transport layer security (TLS) encryption for secure email communication.

8. How Long We Store Personal Data

We retain personal data in accordance with applicable law and regulation and our records retention policy based on these laws and regulations. The exact storage period is determined by a number of criteria, including our legal and regulatory obligations (in particular, our professional storage requirements pursuant to section 50 para. 1 of the Federal Lawyers’ Act), the purposes for which we are using the information, the amount and sensitivity of the information, and the potential risk from any unauthorized use or disclosure of the information.

9. Disclosure of Personal Data to Third Parties within the EU

We disclose your personal data to

  • third parties (such as other parties to transactions and their advisers) as necessary in providing services to our clients;
  • companies which provide services to us, such as hosting and other information technology services;
  • governmental / regulatory body or other third parties with legal rights, as required by the laws of any jurisdiction that may apply to us;
  • any other third party with your prior consent.

10. Transfer of Personal Data to Third Countries

We may also transfer your personal data internationally in order to comply with our legal or regulatory obligations, where this is necessary for the exercise, establishment or defense of legal claims, or in other circumstances permitted by applicable local law.

Appropriate safeguards for personal data transfers to such third parties will be ensured through standard contractual clauses from EU controllers to non-EU controllers issued by the European Commission, with your consent or on the basis that the data transfer is otherwise compliant with applicable data protection law.

Some of the service providers we may use to store information may be located in the United States or other countries that are not recognized under European Union data protection law as providing an adequate level of protection for personal data.

11. Use of Cookies

Our website uses cookies that serve to make our website and services more user- friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
All of the cookies we use are so-called “session cookies”. They are technically necessary and automatically deleted after your visit.

12. Your Rights in the Context of Data Collection and Data Processing

If our collection, use or disclosure of your personal information is subject to the GDPR, you have the following rights.
Please note that some of these rights may be subject to exceptions under European data protection law and national data protection law (such as exceptions to protect information that is subject to legal professional privilege).

a. Right to Request Information
Pursuant to Art. 15 GDPR, you have the right to request confirmation whether we process your personal data and to provide you with a copy of that data.
If any processing is taking place, you can request information about the following:

  • the purposes for which the personal data is processed;
  • the categories of processed personal data;
  • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  • the intended duration of storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to correction or deletion of your personal data, a right to restrict the data processing by the controller or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organization. In this context, you can request information about the appropriate guarantees in accordance with Art. 46 GDPR.

b. Right to Rectification
You have the right to request that we correct any information you believe is inaccurate, Art. 16 GDPR. You also have the right to request the controller to complete any information you believe is incomplete. The person responsible must make the correction without undue delay.

c. Right to Deletion
Pursuant to Art. 17 GDPR, you can request us to delete your personal data without undue delay, and we are obliged to delete this data without undue delay if

  • the personal data is no longer necessary for the purposes for which they were collected or otherwise processed; or
  • you revoke your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing; or
  • there is an objection according to Art. 21 para. 1 GDPR and there is no overriding legitimate reason for the processing, or you file an objection pursuant to Art. 21 para. 2 GDPR to object to the data processing; or
  • the personal data concerning you has been unlawfully processed; or
  • the deletion of your personal data is necessary to fulfill a legal obligation under European Union law or the law of the Member States to which the controller is subject; or
  • the personal data relating to you was collected in relation to information services offered in accordance with Article 8 para. 1 GDPR.
    The right to deletion does not exist if the processing is necessary
  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation that requires processing in accordance with the law of the European Union or the member states to which the controller is subject, or to perform a task that is in the public interest or in the exercise of public authority that was transferred to the controller;
  • for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 GDPR, insofar as the right mentioned under section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  • to assert, exercise or defend legal rights.
    If the controller has made your personal data public and, pursuant to Art. 17 para. 1 GDPR, is obliged to delete it, taking into account the available technology and the implementation costs, it takes appropriate measures, including technical ones, to notify the relevant third parties that you have asked that the data be deleted. All links to this personal data or copies or replications of this personal data are subject to deletion.

d. Right to Restrict Processing
You can request pursuant to Art. 18 GDPR that the processing of your personal data will be restricted if

  • you dispute the accuracy of your personal data for a period of time that enables the controller to check the accuracy of the personal data; or
  • the data processing is unlawful and you refuse the deletion of the personal data and instead request that the use of the personal data be restricted; or
  • the controller no longer needs the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims; or
  • you have objected to the data processing in accordance with Art. 21 para. 1 GDPR and it is not yet certain whether the controller’s legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be obtained with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for important reasons processed in the public interest of the European Union or a Member State.

If the processing according to the conditions above is restricted, the controller will inform you before the restriction is lifted.

e. Right of Notification
If you have exercised your right to rectification, deletion or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion or restriction of processing, unless this proves to be impossible or involves a disproportionate effort, Art. 19 GDPR.
You have the right to be informed by the controller about these recipients.

f. Right of Data Portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, under the condition that

  • the processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR; and
  • the processing is carried out using automated processes.

In exercising this right, you also have the right to have your personal data transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other people must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority transferred to the controller.

g. Right to Object
Pursuant to Art. 21 GDPR, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR. The controller will no longer process the personal data relating to you, unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal rights.

If your personal data is processed in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information services using automated procedures that use technical specifications.

h. Right to Withdraw Your Consent
If the controller is processing your personal data on the basis of your consent, you have the right to withdraw your consent at any time pursuant to Art. 7 para. 3 GDPR. Withdrawing your consent will not affect the legality of the processing of your data based on your consent prior to your withdrawal.

i. Right to Complain
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged violation if you believe that the processing of your personal data is in violation of the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR. The competent supervisory authority in such case is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 981 180093 0
Fax: +49 981 180093 800

13. Links to Third Party Websites and Social Media

Our website may contain cross-references (hereinafter “links”) to website of other providers and to social media platforms. We would like to point out that we are not responsible for third party content and that our data protection information only relates to the websites of Lieff Cabraser. We have no influence on this and do not control whether and how your data is collected, processed and used on external websites and whether the external provider complies with the applicable data protection regulations. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

In particular, our website contains links to our profiles at social media providers such as LinkedIn. Such links are merely passive links and are not intended to collect or disclose any personal data. For information on the processing of your personal data by these social media providers, please refer to their respective privacy policy:

LinkedIn: linkedin.com/legal/privacy-policy

If you believe that the linked external pages violate applicable law or have any other inappropriate content, please let us know.

14. Privacy Policy Updates

We regularly review this Privacy Notice. Any changes will be reflected within an updated version available on our website. Where appropriate, we may directly notify you of changes by email.