Data privacy declaration
1. General and basic principles of security in communication
When you use this website, various personal data relating to you will be processed (see section 3.1). Personal data is data that can be used to identify you personally.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. This privacy policy is intended to provide a simple overview of what happens to your personal data when you visit our website. It is intended to explain what data we collect and what we use it for. It should also explain how and for what purpose this happens. It should inform you about your rights regarding your data.
We would like to point out that data transmission over the Internet can generally be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible. To ensure the security and confidentiality of the data you transmit to us via our website, we use SSL encryption via HTTPS. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
Personal data is also processed when communicating by email and when initiating and processing mandates (see section 3.2).
It is known that confidentiality cannot be guaranteed for unencrypted e-mails. If the external sender/recipient of e-mails has the technical requirements to use signature procedures and/or encryption procedures (such as TLS) or password-protected PDFs and wishes to use them, we can also initiate appropriate measures. Alternatively, we can provide an https-protected web portal for the secure exchange of information, which is hosted on our servers.
Furthermore, personal data will be processed if you send us application documents (in particular by e-mail) (see section 3.3).
2. controller
If you use our contact forms on the website, the respective addressee is the controller. The name, address and contact details of the controller are stated in the respective contact form and are available there for permanent retrieval.
For data that is processed on the website but not via the contact forms, the website operators in the legal notice are joint controllers in accordance with Art. 26 GDPR.
In each case, the controller responsible for processing in the case of communication by e-mail, in the case of mandate initiation and processing, in the context of applicant management and in the case of other processing operations is the controller named in the legal notice who carries out the respective processing operation (e.g. the sender of an e-mail according to the e-mail signature, the person authorized according to the mandate agreement, the addressee of an application, etc.).
3. Data collection
3.1 Data collection via the website
Data may be collected from you by you providing it to us. This happens in particular when you use our contact forms. Your data will then be processed on the basis of your consent and for the purpose of responding to your inquiry. We will not pass on your data without your consent. If you withdraw your consent or if your request has been answered or otherwise dealt with, we will delete your personal data. In individual cases, we will store your contact details in case of follow-up questions. Your data will not be deleted even if there are mandatory statutory retention periods.
However, data may also be processed automatically by our IT systems when you access and use our website. This includes your IP address, the date and time the page was accessed, the page accessed or the name of the file accessed, the amount of data transferred and the message as to whether the access/retrieval was successful. We create user profiles using a pseudonym. No connection is made between the person behind the pseudonym and the usage data collected. After this use, your data will be deleted. Permanent storage is excluded. Your data will not be used for commercial purposes. The purpose of this processing and our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR is the error-free provision of the website as well as the statistical processing and improvement of our Internet offer.
3.1.1 Server log files
When you access our website, general information is automatically collected by us or the web space provider. The providers of Internet pages automatically collect and store information in so-called server log files, which your browser automatically transmits to us.
These are in particular
- Browser type and browser version
- Operating system used
- Host name of the accessing computer
- IP address
- Name of the website
- Referrer URL (the page from which you accessed our website)
- Domain name of your internet service provider
- Date and time of the server request
- Success of the access
This information cannot be assigned to specific persons and no conclusions can be drawn about your person from this information. This information is not merged with other data sources. This information is technically necessary in order to correctly deliver the website content you have requested.
If the data collected is no longer required for the above-mentioned purposes, we will delete it if and insofar as there are no legal obligations to retain it.
The legal basis for the data processing necessary for the use of the website is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
3.1.2 Cookies
The website does not use cookies, except for the technically necessary cookie to save your cookie settings.
General information on cookies: Cookies do not damage your computer and do not contain viruses. Cookies are used to make the website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies commonly used are so-called "session cookies". They are automatically deleted at the end of a visit. Other cookies remain stored on your end device until you delete them. These cookies usually make it possible to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of a website may be restricted.
3.1.3 Google Maps
This site uses the Google Maps map service via an API. The service will only be accessed with your separate, explicit consent.
General information about Google Maps: This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). To use the functions of Google Maps, your IP address is stored and generally transmitted to and stored on a Google server in the USA. The provider of this site has no influence on this data transfer. The use of the service and the collection of your data takes place for the appealing presentation of our website as a legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR. Further information can be found in Google's separate privacy policy. For opt-out options, see the following link.
3.1.4 Matomo
The website uses the open source software tool Matomo (formerly PIWIK) to analyze the surfing behavior of our users. When individual pages of our website are accessed, the following data is stored:
2 bytes of the IP address of the user's accessing system
the website accessed
the website from which the user came to the website accessed (referrer)
the subpages that are accessed from the accessed website
the time spent on the website
the frequency with which the website is accessed
The software runs exclusively on the servers of our website. This data is only stored there. The data is not passed on to third parties. The software is set so that the IP addresses are not stored in full, but the last two bytes of the IP address are masked (e.g. 123.456.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the accessing computer.
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
The processing of this data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
We offer users of our website the option of opting out of the analysis process: Link. In this way, a cookie is set on your system that signals our system not to store the user's data. If you delete the corresponding cookie from your own system in the meantime, you must set the opt-out cookie again.
3.2 Data collection for communication by e-mail and for the initiation and processing of mandates
When communicating by e-mail, data is collected either as a result of disclosure by the data subject (e.g. when sending inquiries by e-mail), by our client, authorities and courts or third parties (such as experts and appraisers) or general public sources (in particular also company registers, commercial registers, credit agencies and residents' registration offices).
The legal basis for these processing activities, insofar as personal data of the client is processed, is Art. 6 para. 1 lit. a (see data protection information in the context of a separately concluded mandate agreement) and lit. b GDPR. With regard to professional/statutory requirements Art. 6 para. 1 lit. c. Otherwise Art. 6 para. 1 lit. f GDPR.
Personal data is stored for as long as its processing is necessary for the aforementioned purposes, unless professional or statutory provisions require a longer storage period.
When communicating by e-mail, we process the personal data you disclose in the course of e-mail correspondence, at least your e-mail address and your name.
Insofar as this is necessary for the establishment of client relationships and the execution and processing of mandates, the processing of personal data includes in particular the personal contact data (such as surname, first name, address, telephone/fax number and e-mail addresses) of
clients and their employees and board members (board members, managing directors),
third parties whose personal data is required for the establishment of the client relationship or the processing of the mandate. These include, among others, direct and indirect shareholders of the client, business and contractual partners and advisors of the client, (potential) opponents in a legal dispute and their legal/tax advisors as well as the employees and board members of the aforementioned persons and bodies,
other persons involved in mandates or proceedings (such as employees of authorities and courts, witnesses and experts).
Insofar as this is necessary for the processing of a mandate, personal data is transmitted to the following recipients
Clients,
authorities and courts,
other third parties. These include direct and indirect shareholders of the client, business and contractual partners and advisors of the client, (potential) opponents in a legal dispute and their legal advisors.
In addition, further personal data is collected insofar as this is necessary and required for the specific processing of the mandate (in particular compliance with legal and professional requirements (such as the Money Laundering Act), determination of the facts, legal assessment, protection of the legal interests of our clients).
3.3 Data collection of application documents
If you send us your application documents, we will store the data contained therein for a maximum period of 6 months from receipt of the application documents. If there is an interest in an extended storage period, we will ask for your explicit consent so that we can contact you again at a later date if necessary.
The following categories of personal data are processed as part of applicant management:
Contact information, in particular first and last name, title if applicable, address, telephone number, e-mail address,
qualification-related information, in particular grades, academic achievements and other information contained in the CV
any photos attached to an application,
if applicable, information on (possibly only planned or hoped for) future training and other career steps as well as professional specializations and interests.
You can object to the further use of your data without giving reasons or withdraw your application at any time. In this case, no further processing of your personal data will take place.
4. Your rights as a data subject
If and insofar as there are no legal restrictions, in particular due to our professional duty of confidentiality (such as pursuant to Art. 14 para. 5 lit. d GDPR in conjunction with Section 43a para. 2 BRAO), you have the right to object to the processing of your personal data at any time. § Section 43a (2) BRAO; Section 29 (1) sentence 2 BDSG), you have the following rights in relation to your personal data.
4.1 Right to information
You have the right to information about the personal data stored about you, its origin and recipients and the purpose of the data processing at any time.
4.2 Correction, deletion or restriction
You have the right to rectification or erasure or blocking of personal data or restriction of processing of this personal data at any time. To exercise these and other data subject rights, you can contact us at any time at the contact addresses given in the legal notice. We would like to point out that deletions cannot be made if retention or storage periods prevent this.
4.3 Data portability
If processing is based on your consent, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
4.4 Revocation
If processing is based on your consent, you can revoke it at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
4.5 Complaint to a supervisory authority
In addition to the aforementioned rights, you have the right to lodge a complaint with a supervisory authority. The competent authority is the supervisory authority in the Member State of your habitual residence, place of work or place of an alleged infringement by the controller.
4.6 Right to object pursuant to Art. 21 para. 1 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
5. data protection officer
If a data protection officer has been appointed for the controller, their contact details can be found in the legal notice.