'%20stroke-width='15'%20stroke-linecap='round'%20stroke-dasharray='0%2044%200%2044%200%2044%200%2044%200%20360'%20cx='100'%20cy='100'%20r='70'%20transform-origin='center'%3e%3canimateTransform%20type='rotate'%20attributeName='transform'%20calcMode='discrete'%20dur='2'%20values='360;324;288;252;216;180;144;108;72;36'%20repeatCount='indefinite'%3e%3c/animateTransform%3e%3c/circle%3e%3c/svg%3e%20--%3e%3csvg%20width='78'%20height='78'%20viewBox='0%200%2078%2078'%20fill='none'%20xmlns='http://www.w3.org/2000/svg'%3e%3crect%20x='14'%20y='17'%20width='48'%20height='44'%20fill='white'%20/%3e%3cpath%20d='M24.0741%2034.9365C21.432%2034.9365%2019.377%2037.0503%2019.377%2039.7365C19.377%2042.4228%2021.4466%2044.5512%2024.0741%2044.5512C26.7016%2044.5512%2028.7714%2042.4375%2028.7714%2039.7365C28.7714%2037.0356%2026.7016%2034.9365%2024.0741%2034.9365Z'%20fill='%235082AF'%20/%3e%3cpath%20d='M38.5614%200C17.2624%200%200%2017.2624%200%2038.5616C0%2059.8606%2017.2624%2077.123%2038.5614%2077.123C59.8606%2077.123%2077.123%2059.8606%2077.123%2038.5616C77.123%2017.2624%2059.8606%200%2038.5614%200ZM32.1469%2047.5597H28.7707V46.0624L28.6533%2046.1651C27.2734%2047.2661%2025.644%2047.8386%2023.8093%2047.8386C19.3469%2047.8386%2015.9853%2044.3597%2015.9853%2039.7506C15.9853%2035.1413%2019.3469%2031.6624%2023.8093%2031.6624C25.5853%2031.6624%2027.2734%2032.2349%2028.6533%2033.3358L28.7707%2033.4238V31.9267H32.1469V47.5597ZM43.0238%2044.5506C44.7707%2044.5506%2046.3413%2043.611%2047.1486%2042.0992H50.7891C49.7616%2045.5781%2046.723%2047.824%2043.0238%2047.824C38.4147%2047.824%2034.9358%2044.345%2034.9358%2039.7358C34.9358%2035.1267%2038.4147%2031.6477%2043.0238%2031.6477C46.7083%2031.6477%2049.7469%2033.8936%2050.7891%2037.3872H47.1634C46.356%2035.8459%2044.8147%2034.9211%2043.0093%2034.9211C40.367%2034.9211%2038.312%2037.0349%2038.312%2039.7358C38.312%2042.4368%2040.3818%2044.5506%2043.0093%2044.5506H43.0238ZM60.213%2035.2H56.9835V42.7157C56.9835%2043.5963%2057.6882%2044.2862%2058.5835%2044.2862H60.213V47.5597H58.5835C55.7506%2047.5597%2053.6074%2045.4754%2053.6074%2042.7157V29.2992H56.9835V31.9267H60.213V35.2Z'%20fill='%235082AF'%20/%3e%3c/svg%3e)
Protecting your personal data is of utmost importance to us. This Privacy Statement explains what types of personal data we collect, how we use and process that personal data, and for what purposes. It applies to all act legal law firms, subject to the country’s specific provisions as outlined in Section 8.
1. Data controller
As a data controller we make decisions about how and why we use your personal data. We are responsible for making sure your personal data is used in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”).
1.1 Website
The entity responsible for controlling the processing of personal data on this website is:
ACT Legal Service Company GmbH | Zeppelinallee 77 | 60487 Frankfurt/Main | Email: frankfurt@actlegal-act.com | Tel: +49 69 24 70 97-0.
1.2 Individual law firms
If you submit personal data directly to one of our individual law firms (e.g. requesting legal advice, subscribing to a newsletter, submitting an application, etc.) the respective law firm shall act as the controller.
Further information about each individual law firm of act legal, including their contact details, can be found in the Imprint.
2. Purposes of personal data processing and legal bases
We may collect personal data directly from you, when handling a matter for you or when you communicate with us. We may also obtain personal data from other sources, such as publicly available platforms (e.g. LinkedIn), third-party systems (e.g. from recruitment agencies), other advisors, counterparties, or public authorities.
In certain circumstances, we may process special categories of personal data (for example, food preference during a seminar, photographs revealing ethnic origin, data relating to criminal convictions, background checks). Such data requires a higher level of protection and will only be processed: (i) with your explicit consent, (ii) necessary to protect somebody’s vital interests, (iii) where necessary to comply with employment, social security or social protection law obligations, or (iv) where necessary for the establishment, exercise or defence of legal claims.
We use your personal data for a range of purposes in connection with our legal and professional services:
2.1 Visiting our website
When accessing our website at www.actlegal.com, your browser automatically transmits certain information to our website’s server. This information is temporarily stored in a so-called log file. The following (personal) data is collected and stored until it is automatically deleted:
- IP address
- Date and time of access or request
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of request (specific page).
- Access status/HTTP status code
- Volume of data transmitted
- Website from which the request originated
- Operating system and its interface used
- Browser and language setting
We process the above data to ensure the website operates smoothly and is user-friendly, to maintain network and information security, to analyse system stability and performance, and for administrative purposes. This processing is based on our legitimate interests.
2.2 Legal and related services
When providing services to you, we may process the following personal data:
- Client master data and contact details: title, first name, surname, email address, postal address, telephone number, and identification details
- Matter-related information: all details and documents necessary to establish, exercise, or defend legal rights
- Enquiry-related information: details of your (legal) enquiries and our communications with you
- Information about other individuals: such as your customers, employees, counterparties, or ultimate beneficial owners (UBOs)
- Visitor information: data you provide when visiting our offices
- Billing and financial information: including payment and banking details
We process the above personal data for the performance of our contract with you, to comply with a legal obligation or within the context of our legitimate interest. More specifically, we may process this data to onboard you as our client, to comply with our general regulatory and statutory obligations (including our responsibilities under bar obligations, client conflicts, codes of conduct and anti-money and anti-bribery laws), to provide you with appropriate (legal) advice, training and representation, to communicate with you, to handle complaints, to comply with orders and requests from law enforcement agencies or any courts, to improve our services (e.g. by seeking feedback), to manage our business relationships with you and/or to issue invoices.
All such personal data is processed in accordance with our professional duties of confidentiality and legal privilege.
2.3 Marketing
For marketing purposes, we may process the following personal data:
- Client master data and contact details
- Matter-related information
- Visitor information in the context of events
- Legal practice area interests, business industry sector interests
- Marketing communications preferences, including your choices regarding newsletters, publications, and email communications
We process this personal data either on the basis of your consent (if such consent is required) or within the scope of our legitimate interests.
More specifically, we may process such data to send electronic direct marketing communications; manage and plan our business development and marketing strategies; analyse engagement with our communications (e.g. whether emails are opened or links are accessed); conduct surveys and event follow-ups; maintain records for general marketing and client relationship management purposes.
You may withdraw your consent to receive marketing communications at any time or object to processing carried out on the basis of legitimate interests.
2.4 Recruitment
During the recruitment and application process, we may process the following categories of personal data:
- Identification and contact information: e.g. name, gender, date of birth, address, telephone number, email address
- Application documents: e.g. curriculum vitae, cover letter, certificates, references, preferences regarding job location and salary, background checks, right to work status, residency, and visa information
- Professional background and qualifications: e.g. education, training, work experience, additional qualifications, professional memberships or accreditations, LinkedIn profile and other publicly available professional information,
- Visitor information: where applicable, data collected when visiting our offices
- Interview notes and associated feedback, evaluative notes and decisions from job interviews
- Image or photographs
- Any additional information you provide to us or that we collect about you during the recruitment process
- If required by applicable law, we may further process: ID/passport, national insurance number, emergency contact details, and other information we are legally required to process
We process the above personal data because it is necessary to take steps prior to entering into an employment contract with you (reviewing your application, assessing your suitability for the role, conducting interviews and evaluating performance), to comply with employment, tax, social security, and immigration laws if applicable (verifying your right to work, meeting equality and diversity obligations), within the context of our legitimate business interests (e.g. conducting reference checks) and/or when we rely on your consent (e.g. when keeping your CV on file for future roles).
3. Data sharing and transfers
3.1 Disclosure to other act legal law firms
We may share your personal data with another office of act legal. Such sharing occurs only where necessary and appropriate for legitimate business purposes, including:
- Providing legal services: to deliver coordinated, multi-jurisdictional, or specific jurisdictional legal advice to clients;
- Supporting business operations: in connection with act legal’s overall business strategy, client relationship management, and cross-border projects;
- Recruitment and HR purposes: where positions, candidate assessments, or recruitment activities are managed or coordinated across multiple act legal offices; and
- Internal administration: such as consolidated reporting, compliance, and management oversight within the act legal offices.
All law firms within act legal are committed to maintaining equivalent standards of data protection and confidentiality.
3.2 Disclosure to third parties
Where necessary for the management of our client relationship and the proper performance of our professional duties, your personal data may be shared with third parties, including:
- Opposing parties and their representatives (including their legal counsel, experts, or insurers);
- Courts, arbitral tribunals, and other judicial or quasi-judicial authorities;
- Government agencies, supervisory bodies, law enforcement authorities, or regulatory institutions;
- Notaries, bailiffs, mediators, and other legal professionals involved in the handling or formalisation of legal matters;
- External consultants and advisors, such as subject-matter experts, investigators, or legal correspondents assisting in specific cases;
- Accountants, auditors, and bookkeepers, where required for financial administration, billing, or compliance purposes;
- IT and cloud service providers, including providers of case management systems, document management tools, and secure communication platforms, insofar as they process data on our behalf;
- Professional service providers, such as translation agencies, courier services, or external training and HR consultants, where necessary for operational support; and
- Other affiliated entities, where cooperation is required to deliver cross-border or multi-jurisdictional legal services.
All such parties are carefully selected and bound by confidentiality and data protection obligations consistent with applicable laws and professional secrecy requirements.
We may also disclose your personal data to the relevant public bodies, authorities and any other recipients to whom we are required to disclose such data under applicable law.
In limited circumstances, where we work with a third party (e.g. consultant, notary) to provide you with our advice, we and the third party may be joint controllers of your personal data . Where this is the case, it will be notified to you by such third party.
Where personal data is transferred to a party located outside the European Economic Area (EEA), such transfer will only take place based upon an adequacy decision of the EC; appropriate safeguards such as standard contractual clauses, or a derogation under Article 49 GDPR (for example, your explicit consent, the performance of a contract, or the establishment, exercise, or defence of legal claims).
4. Rights of data subjects
As a data subject, you have the following rights in relation to your personal data:
- Access (Art. 15 GDPR): to obtain confirmation of whether we process your personal data and to receive a copy, together with information about how and why it is processed.
- Rectification (Art. 16 GDPR): to have inaccurate or incomplete personal data corrected without undue delay.
- Erasure (Art. 17 GDPR): to request the deletion of your personal data where it is no longer needed, where you withdraw consent, or where processing is unlawful, unless an exemption applies.
- Restriction (Art. 18 GDPR): to request that processing be limited while accuracy or legal grounds are verified.
- Data portability (Art. 20 GDPR): to receive the data you provided in a structured, commonly used and machine-readable format, or to have it transferred to another controller.
- Objection (Art. 21 GDPR): to object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds or need the data for legal claims. You have an absolute right to object to processing for direct marketing.
- Withdrawal of consent (Art. 7(3) GDPR): where processing relies on your consent, you may withdraw it at any time. This will not affect past lawful processing.
- Complaint (Art. 77 GDPR): to lodge a complaint with your supervisory authority if you believe we have infringed data protection laws. A full list of European data protection authorities and their contact details is available on the website of the European Data Protection Board. We encourage you to contact us first so we can address your concerns directly.
To exercise your rights or raise any concern, please contact us at the relevant address or e-mail address which can be found under Section 1 (Controller) and our Imprint (for each act legal entity).
5. Security measures
When you visit our website, we use the SSL (Secure Socket Layer) protocol in combination with the highest level of encryption supported by your browser. This is typically 256-bit encryption. If your browser does not support 256-bit encryption, we will default to 128-bit v3 technology. You can identify an encrypted connection by the closed padlock or key symbol displayed in your browser’s address or status bar.
Furthermore, each law firm within act legal implements a range of technical and organisational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are regularly reviewed and updated to reflect current technological and regulatory developments.
Please note, however, that data transmission over the internet can never be completely secure. Any personal data you send to us electronically is transmitted at your own risk. We therefore recommend taking appropriate precautions, such as ensuring your devices and networks are adequately protected.
6. Cookies and tracking services
For more information regarding how we use cookies and other tracking services in connection with your use of our website, please read our Cookie Policy.
7. Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, regulatory, and professional obligations.
The retention period depends on several factors, such as (i) the applicable legal or regulatory requirements; (ii) whether any legal proceedings or disputes are ongoing or reasonably anticipated; (iii) the nature and sensitivity of the personal data; and (iv) any specific requests from you or a competent authority to retain the data for a valid reason. For specific retention periods, please request the data retention policy of the relevant act legal firm you have provided your personal data to.
Personal data collected in the course of providing legal services will be retained for the statutory period required for lawyers under applicable law. After that period, the data will be securely deleted unless (i) retention is required under Article 6(1)(c) GDPR for fiscal or other legal purposes; or (ii) you have provided consent for longer retention under Article 6(1)(a) GDPR.
All personal data is reviewed periodically and securely deleted or anonymised when it is no longer required.
8. Country specific provisions
8.1 Austria
For forms of electronic direct advertising outside the scope of application of Section 107 (3) of the Austrian Telecommunications Act (e.g. advertising to non-clients; advertising to customers about third-party goods/services), we will only process your data if you have given your express consent to the processing of your data (Art 6 (1) lit a GDPR). If we process your data on the basis of your consent, you have the right to revoke this consent at any time by email to vienna@actlegal-wmwp.com or by postal mail to Wiedenbauer Mutz Winkler & Partner Rechtsanwälte GmbH, Am Heumarkt 10, A-1030 Vienna. This does not affect the lawfulness of the data processing carried out up to this point (Art 7 (3) GDPR). If, despite our obligation to process your data lawfully, a breach of your right to lawful processing of your data should occur contrary to expectations, please contact us by post or email so that we can learn about and address your concerns.
We will only store your data for as long as is necessary for the purposes for which we collected your data:
For reasons of tax law, we generally store contracts and other documents as well as related correspondence from our contractual relationship for a period of ten years.
We are required by law to retain files from mandates for five years after termination of the mandate; in individual cases, such as for the assertion and defense of legal claims, we retain these files for up to 30 years after termination of the mandate.
You will remain on our newsletter distribution list until you unsubscribe from it.
Data on applicants who are not hired will be deleted after nine months unless we ask them for consent to keep records. For hired applicants, our internal data protection information for employees applies, which can be requested in the application process.
We will only store your data for as long as is necessary for the purposes for which we collected your data:
- For reasons of tax law, we generally store contracts and other documents as well as related correspondence from our contractual relationship for a period of ten years.
- We are required by law to retain files from mandates for five years after termination of the mandate; in individual cases, such as for the assertion and defense of legal claims, we retain these files for up to 30 years after termination of the mandate.
You will remain on our newsletter distribution list until you unsubscribe from it.
Data on applicants who are not hired will be deleted after nine months unless we ask them for consent to keep records. For hired applicants, our internal data protection information for employees applies, which can be requested in the application process.
8.2 Belgium
We will only retain your personal data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. Belgian legislation may require us to store certain personal data for extended periods (for instance legal files need to be retained for a period of 10 years).
To exercise any rights you have as a data subject towards act legal Belgium, please contact us by e-mail at brussels@actlegal-belgium.com.
8.3 Czech Republic
We use the following criteria to determine the processing period of your personal data:
(a) Data processed to comply with our legal obligations will be retained for the period required under the applicable legal regulations.
(b) For the purpose of performing the contract, your personal data will be processed until the termination of all obligations arising from the respective contract. This does not affect our ability to further process such personal data for the purpose of protecting our legitimate interests under point (c), or where required by applicable law.
(c) Data processed to protect our rights, legitimate interests, and property will be retained for the duration of our respective legitimate interest. Unless we determine a shorter processing period, the retention period will not exceed 5 calendar years following the termination of your obligations under the contract. In the event of judicial, administrative, or other proceedings concerning our mutual rights and/or obligations, processing will not end before the conclusion of such proceedings.
(d) Data processed on the basis of your consent will be retained until you withdraw such consent, unless a shorter processing period is determined.
The supervisory authority in the Czech Republic in the area of personal data processing is the Office for Personal Data Protection (in Czech Úřad pro ochranu osobních údajů).
8.4 Germany
Should your personal data be collected due to our notarial activity, the person responsible for the processing of personal data in the sense of Art. 4 No. 7 GDPR is lawyer and notary Dr. Marco Loesche, Zeppelinallee 77 | 60487 Frankfurt am Main | E-Mail: frankfurt@actlegal-germany.com | Phone: +49 69 2470970.
The data protection officer for notarial matters of the notary Dr. Marco Loesche can be contacted at the above address as well as at the e-mail address datenschutz@actlegal-germany.com | Phone: +49 69 2470970.
The transfer of your personal data, which were taken up in the context of the notarial activity and as far as it concerns personal data, which are subject to the notarial secrecy, a passing on to third parties takes place only in agreement with you. The notarial duty of confidentiality remains unaffected.
Unless we establish an employment relationship with you, your application data will be stored by us for up to 6 months after the end of the application process and then deleted.
The personal data that we collect for the purpose of fulfilling the contract will be stored for 6 years after the end of the calendar year in which the client was terminated and then deleted unless we have consented to longer storage in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
8.5 Hungary
The personal data that we collect for the purpose of fulfilling the contract will be stored for 5 years after the termination of the engagement or, in the case of an electronic document form, for 10 years, further in case of documents, data that is affected by countersigning, for 10 years; data will be then deleted unless we have consented to longer storage in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law retention and documentation obligations in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Unless we establish an employment relationship with you, your application data will be stored by us for up to 6 months after the end of the application process and then deleted, unless we have consented to keep records of the application data. In such a case, application data will be stored until revocation of the consent. For hired applicants, our internal data protection information for employees applies.
8.6 Italy
Personal data, processed for the above purposes, will be kept for the duration of the assignment and, subsequently, for as long as the professional is subject to retention obligations for tax or other purposes, as provided for by law or regulation. Personal data of candidates are kept for a maximum of 24 months from the date of receipt of the CV, after which period the personal data are deleted.
8.7 The Netherlands
We store data for as long as that is necessary to provide the service you requested. An exception applies to the data that we must store for a longer period because we are required to do so by law. We follow the guidelines of the Dutch Bar Association with regard to the retention of files, which we retain for a period of 20 years. You may access your personal data and request their rectification or erasure. You may do so by sending an email to amsterdam@actlegal-netherlands.com.
8.8 Poland
With respect to any personal data provided to act legal Poland, the data controller is going to be act legal Bieniak Smołuch Wielhorski Wojnar i Partnerzy. Adwokaci, Radcowie Prawni i Doradcy Podatkowi sp.p., with its registered office in Warsaw, at Chmielna 73, 00-801 Warsaw, tel: +48 22 420 59 59, e-mail: warsaw@actlegal-bsww.com.
We process your personal data to reply to your message and thus, to provide the relevant service which is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. If a given request does not lead to the conclusion of an agreement with the Controller, personal data will be processed for the period resulting from the storage functionality of the electronic mailbox of the Controller. You provide all information voluntarily. If you fail to provide your contact details, processing of your request may prove impossible.
If you give consent to receive our newsletter, publications or invitations to events via direct marketing, we will process your first name, last name, name of an entity with which you cooperate, position and email address in order to provide you with information which you are interested in by email. The data is provided voluntarily, but a failure to provide it may result in the inability to send you the information you are interested in. The basis for processing is your consent on the basis of Article 6(1)(a) of the GDPR, whereas your data will be processed until the moment you withdraw your consent at the latest.
If you send your application without indicating a job offer, the basis for processing of personal data will be your consent given voluntarily in accordance with Article 6(1)(a) of the GDPR. If you give your consent, we may retain your data included in the application for a specific offer for the purposes of future recruitment processes. In any case your data will not be processed longer than for one year.
8.9 Romania
-
8.10 Slovakia
Your personal data will be stored as long as it is necessary for personal data processing. When storing personal data, we observe the recommended retention periods according to the Resolution of the Presidency of the Slovak Bar Association No. 29/11/2011, e.g.:
attorneys keep the book of postal records regarding incoming and outgoing correspondence for ten years counting from the date of receipt or dispatch of the last document;
attorneys keep the inventory list for ten years counting from the date of its preparation;
the client file is kept for ten years from the day when all of the conditions for storing the file in the archive have been met.
Attorneys are subject to professional rules governing the duties of attorneys under the Act on Advocacy. According to these rules, the retention periods are extended or it is prohibited to shred documents, in case there are understandable reasons, e.g.:
the file of the client contains originals of documents which were handed over to the attorney;
file protocols of the client and the client list;
documents which shall be handed over to the State Archive;
it is precluded to shred files of the client in case there are any court proceeding, administrative proceedings, proceedings conducted by law bodies, proceedings conducted by the Bar in case these proceedings concern the action or omission of the attorney when providing legal assistance in the client's matter and the matter relates to the content of the client's file.
If personal data relates to a client (regardless of whether the client is a legal or natural person), the right of access to data or the right to data portability cannot be asserted by other persons due to our obligation to maintain confidentiality and with reference to Article 15 (4) of the GDPR, Article 20 (4) of the GDPR and Section 18 (8) of the Act on Advocacy: “The attorney is not obliged to provide information on the processing of personal data, to give access or to portability of personal data under a separate regulation, if this could lead to a breach of the attorney´s confidentiality obligation.”
8.11 Spain
We will store your personal data only for the time strictly necessary to serve the purposes for which it was collected and, in any case, it will be blocked for a maximum period of five (5) years following the termination of the business relationship or the execution of the occasional transaction, as this is the legally established limitation period for bringing legal actions under the Spanish Law of Civil Procedure. This period may be extended only where a longer retention period is required by applicable legal obligations.
As for CVs received of applicants that are not finally hired, the maximum storage period will be two (2) years.
8.12 Bulgaria
-
8.13 Portugal
Enes, Almeida Cabral & Associados, Sociedade de Advogados SP RL (“act Portugal”), with offices at Rua Castilho, n.º 75, 6.º Dto., 1250-068 Lisbon, and legal entity number 516 269 917, is the controller of your personal data.
Your personal data is collected by act Portugal for the purpose of performing a contract for the provision of legal services and for pre-contractual procedures relating to that contract. It is also collected for the pursuit of act Portugal’s legitimate interest, such as, for example, for the efficient processing of information, which allows act Portugal to provide services and to send communications and legal information.
Your personal data is stored for the period necessary for the purposes for which it is collected or for the period required by applicable legal or regulatory standards.
