1. Who is responsible and who can you turn to?
I, the notary Dr Sabine Englelhardt, registered in Berlin, am responsible for the processing of your data. If you have any questions about data protection, you can contact me or my data protection officer, as follows: Dr Sabine Engelhardt, notary, Karl-Heinrich-Ulrichs-Straße 24, 10785 Berlin, Germany, firstname.lastname@example.org, tel. +49 (030) 405994-0, fax: +49 (0)30 405994-16 or Höbbel Enterprises GmbH, Mr Andreas Höbbel, Nachtigalplatz 6, 13351 Berlin, email@example.com or firstname.lastname@example.org.
2. What data do I process and where does this data come from?
I process personal data which I receive from you yourself or from third parties appointed by you (e.g. lawyer, tax adviser, estate agent, bank). This data includes:
- personal data, e.g. first name and surname, date of birth and place of birth, nationality, marital status; in individual cases your birth registration number,
- contact data, e.g. postal address, telephone and fax numbers, email address,
- your tax identification number in the case of contracts for the purchase or sale of real property,
- in particular cases, e.g. prenuptial agreements, wills, testamentary contracts or adoption, data about your family situation as well, about your assets and, where relevant, information about your health or other sensitive data, e.g. because this data serves as documentary proof of your legal capacity,
- in certain cases, data concerning your legal relationships with third parties, e.g. reference numbers or loan or account numbers with banks.
I also process data taken from public registers, e.g. land register, commercial register, register of associations.
3. For what purposes and on what legal basis is the data processed?
As a notary, I hold a public office. My official duties involve performing tasks that are in the general public’s interest in the proper and precautionary administration of justice and so are in the public interest. My duties also involve exercising public authority (Article 6, para. 1, sentence 1, point e of the General Data Protection Regulation (GDPR)).
Your data is processed exclusively to enable me to carry out the tasks requested by you and possibly other persons involved in a transaction and to do so in accordance with my public duties. Such tasks include, for example, creating draft deeds, notarising and executing deeds-based transactions and providing advice. The processing of personal data is, therefore, only ever carried out on the basis of the rules of professional conduct and provisions in procedural law that apply to me and that essentially derive from the German Federal Notaries Ordinance and the German Authentication Act. Moreover, these provisions create a legal obligation for me to process the necessary data (Article 6, para. 1, sentence 1, point c of the GDPR). For me not to make available the data that I request from you would, therefore, mean that I would have to refuse to continue to carry out my official duties.
4. Who do I forward data to?
As a notary, I am bound by a statutory duty of confidentiality. This duty of confidentiality also applies to all my staff and to any other people who I hire.
For this reason, I am only allowed to forward your data if and insofar as I am required to do so in each individual case, e.g. because of my duty to inform vis-à-vis the tax authorities, or because I have to forward your data to public registers like the land registry, commercial registers or registers of associations, the central register for wills, the register for enduring powers of attorney, courts like the probate court, the guardianship court or the family court, or public authorities. As part of the supervision of the professional activities of notaries, I am also sometimes required to pass on information to the Chamber of Notaries or to the supervisory authorities for my profession. These bodies, in turn, are subject to a duty of confidentiality.
Apart from this, your data is only forwarded if I am required to do so because of declarations that you have made or because you have applied for this data to be forwarded.
5. Is data forwarded to non-EU countries?
Your personal data is only forwarded to non-EU countries if you have specifically requested this or if and insofar as a party involved in a deed is based in a non-EU country.
6. How long is your data stored for?
I process and store your personal data as part of my statutory obligations to retain records.
According to section 5, subsection 4 of the Professional Rules for Notaries, the following retention periods apply to the storage of notarial documents:
- deed roll, index of testamentary contract, index of names for deed roll and collection of deeds including testamentary contracts that are stored separately (section 18, subsection 4 of the Professional Rules for Notaries): 100 years,
- deposit ledger, escrow ledger, index of names for the escrow ledger, list of escrow accounts, general files: 30 years,
- supplementary files: 7 years; the notary can determine a longer retention period at the latest when the contents of the file were last worked on, e.g. in the case of testamentary dispositions or where there is a risk of legal recourse. This decision can also be made in general terms for particular types of legal transactions, e.g. testamentary dispositions.
After the storage periods have elapsed, the data is deleted or the paper documents destroyed, unless I am required according to Article 6, para. 1, sentence 1, point c of the GDPR to store this data for a longer period because of retention and documentation obligations in tax and commercial law (arising from the German Commercial Code, the German Penal Code, the German Money Laundering Act or the German Fiscal Code) and/or because of professional rules for carrying out a check on a conflict of laws.
7. What rights do you have?
You have the right:
- to demand information about whether I am processing personal data about you and, if I am, for what purposes I am processing this data and what categories of personal data I am processing, who the data was forwarded to, how long the data is supposed to be stored for, where applicable, and what your rights are.
- to cause to be corrected any incorrect personal data concerning your person that is stored by me. You also have the right to require me to complete an incomplete dataset that I have stored.
- to demand the deletion of personal data concerning your person insofar as there is a reason envisaged by law (see Article 17 of the GDPR) and the processing of your data is not necessary for the fulfilment of a legal obligation or for other overriding reasons as set out in the GDPR.
- to demand from me that I only process your data in a restricted way, e.g. to assert legal claims or for reasons of an important public interest, whilst I , for example, examine your claim to have your data corrected or to object, or possibly if I reject your claim to have your data deleted (see Article 18 of the GDPR).
- to object to the processing of your data insofar as this processing is necessary to enable me to carry out tasks that are in the public interest or to exercise my official duties if there are reasons for this objection which result from your particular situation.
- to take a complaint under data protection law to the supervisory authorities. The supervisory authority with responsibility for me is the Berlin Officer for Data Protection and Freedom of Information, Friedrichstraße 29, 10969 Berlin, tel.: 030 13889-0, fax: 030 2155050, email: email@example.com.
The complaint can be made to any supervisory authority irrespective of whether it is directly responsible for me or not.