• Datenschutzerklärung

Privacy Policy

In this data protection notice, we inform you (hereinafter also referred to as “user” or “data subject”) in general terms about the data processing carried out in our law firm, and in particular about the data processing that takes place when visiting our website, contacting us via our website’s contact form, and when contacting us by email or telephone. We also inform you of your rights regarding the processing of your data. For the purposes of this notice, “data processing” always refers to the processing of personal data.

1. Name and contact details of the data controller and the company data protection officer

The person responsible for data processing within the meaning of the data protection laws is:

Schönherr Putzker Rechtsanwälte GbR

Joachimsthaler Straße 19
10719 Berlin
Phone +49 30 23 60 74 90
Fax +49 30 23 60 74 912
spr(at)schoenherr-putzker.de

You can reach our contact person for data protection questions at:

Schönherr Putzker Rechtsanwälte GbR

Joachimsthaler Straße 19
10719 Berlin
Phone +49 30 23 60 74 90
Fax +49 30 23 60 74 912
spr(at)schoenherr-putzker.de

2. General information on data processing

a. Categories of personal data

We process the following categories of personal data:

  • Inventory data (e.g. names, addresses, roles, organizational affiliation);
  • Contact details (e.g. email addresses, telephone/fax numbers);
  • Content data (e.g. text entries, image files, videos);
  • Usage data (e.g. access data);
  • Meta/communication data (e.g. IP addresses).

b. Recipients or categories of recipients of personal data

If, in the course of our processing activities, we disclose data to other persons and companies, such as web hosts, processors, or third parties, transmit the data to them or otherwise grant them access to the data, this occurs only where permitted under applicable law (e.g., where the transfer of data to third parties is necessary for the performance of a contract pursuant to Art. 6(1)(b) GDPR), on the basis of the data subject’s consent, or where a legal obligation requires such disclosure.

c. Duration of storage of personal data

The retention period for personal data is determined by the applicable statutory retention, documentation, and limitation periods. Once these periods have expired, the corresponding data will be deleted, provided that they are no longer required for the purpose for which they were collected, i.e., the performance or initiation of a contract.

d. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if such processing occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only take place where necessary to fulfil our (pre-)contractual obligations, based on your consent, in compliance with a legal obligation, or in pursuit of our legitimate interests. Subject to legal or contractual permissions, we will process or have personal data processed in a third country only if the specific requirements of Art. 44 et seq. GDPR are met, for example, where processing is carried out under appropriate safeguards, such as an officially recognised adequacy decision or compliance with officially recognised contractual obligations (so-called “standard contractual clauses”).

3. Data processing when visiting our website

a. Log files

Every time a data subject (user) accesses our website, general data and information are stored in the log files of our system:

  • the date and time of retrieval (timestamp);
  • information about the user’s browser type and version used;
  • the user’s operating system (system configuration);
  • IP address of the device used by the user to access the website;
  • the website that the user has previously visited;
  • request details and destination address (protocol version, HTTP method, referer, UserAgent string);
  • name of the retrieved file and amount of data transferred (requested URL incl. query string, size in bytes);
  • message whether the retrieval was successful (HTTP status code).

When using these general data and information, we do not draw any conclusions about the data subject. No personal evaluation, profiling, or use of data for marketing purposes takes place.

The legal basis for the temporary storage of data is Article 6(1)(f) GDPR. Collecting data for the provision of the website and storing it in log files is strictly necessary for the secure operation of our website. Accordingly, the data subject has no right to object.

b. Malware detection and log data evaluation

We collect log data that is generated during the operation of our law firm’s communication technology and evaluate it automatically to the extent necessary to detect, limit, or eliminate disruptions or errors in the communication technology, to defend against attacks on our information technology, or to detect and defend against malware.

The legal basis for the temporary storage and evaluation of the data is Art. 6(1)(f). The storage and evaluation of the data is strictly necessary for the provision and secure operation of our website. Accordingly, the data subject has no right to object.

c. Cookies

Our website uses so-called cookies. Cookies are small text files that are exchanged between your web browser and our hosting server. They are stored on the user’s device and transmitted to our website by the user. You can restrict or prevent the use of cookies by adjusting the settings in your web browser. Cookies that have already been stored can be deleted at any time. Please note that if cookies are disabled, this may mean that the website cannot be displayed or used to its full extent.

The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.

d. Hosting

The hosting services we use are used to provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services, and technical maintenance services, all of which are used for the purpose of operating our website.

In doing so, we or our processors process inventory data, contact data, content data, contract data, usage data, as well as meta and communication data of website users based on our legitimate interest in the efficient and secure provision of this online service, in accordance with Art. 6(1)(f) GDPR and Art. 28 GDPR.

4. Data processing when contacting us

a. Contact by email

You can contact our law firm by email using the email addresses published on our website.

If you use this contact channel, the data transmitted by you (e.g. surname, first name, address), at a minimum the email address and the information contained in the email, together with the personal data transmitted by you, will be stored for the purpose of responding to your enquiry and processing your request. In addition, the following data is collected by our system:

  • IP address of the accessing computer;
  • Date and time the email was sent.

The legal basis for processing personal data in connecting with emails sent to us is Art. 6(1)(b) and 6(1)(f) GDPR.

b. Contact via website contact form

If you use the contact form provided on our website for communication, it is necessary to provide your surname and first name as well as your email address. Without this data, your request submitted via the contact form cannot be processed. Providing the address is optional and, if you wish, allows us to process your request by post. In addition, the following data is collected by our system:

  • IP address of the accessing computer;
  • Date and time of registration.

The legal basis for the processing of personal data in the context of contact forms submitted to us is Art. 6(1)(b) and 6(1)(f) GDPR.

c. Contact by letter and fax

If you send us a letter or fax, the data you transmit (e.g. surname, first name, address) and the information contained in the letter or fax, together with the personal data you transmit, will be stored for the purpose of contacting us and processing your request.

The legal basis for the processing of personal data in the context of letters and faxes sent to us is Art. 6(1)(b) and 6(1)(f) GDPR.

5. Your rights

As a data subject, you have the following rights in connection with the processing of your personal data:

a. Right of information according to Art. 15 GDPR

(1) The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she has the right to access this personal data and to the following information:

  • the purposes of processing;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
  • if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to rectification or erasure of personal data concerning them, or to restriction of processing by the controller, or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • if the personal data is not collected from the data subject, all available information on the origin of the data;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

(2) Where personal data is transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards in accordance with Art. 46 of the GDPR in connection with the transfer.

b. Right to rectification in accordance with Art. 16 GDPR

The data subject has the right to obtain from the controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

c. Right to erasure in accordance with Art. 17 GDPR

(1) The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall be obliged to erase personal data without undue delay if one of the following grounds applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • The data subject withdraws his/her consent on which the processing was based pursuant to Art. 6(1)(a) and Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Art. 21(2) GDPR.
  • The personal data has been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under EU law or the law of the Member States to which the controller is subject.
  • The personal data was collected in relation to the information society services offered in accordance with Art. 8(1) GDPR.

(2) If the controller has made the personal data public and is obliged to delete them in accordance with paragraph (1), it shall take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform data controllers who process the personal data that a data subject from them will request the deletion of all links to such personal data or of has requested copies or replications of such personal data.

(3) Paragraphs (1) and (2) shall not apply to the extent that the processing is necessary

  • to exercise the right to freedom of expression and information;
  • to comply with a legal obligation requiring processing under EU or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health in accordance with Art. 9 (2)(h) and (2)(i) and Art. 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the purposes of such processing, or
  • to assert, exercise or defend legal claims.

d. Right to restriction of processing in accordance with Art. 18 GDPR

(1) The data subject shall have the right to obtain from the controller the restriction of processing if one of the following conditions applies:

  • the accuracy of the personal data is contested by the data subject, for a period of time enabling the controller to verify the accuracy of the personal data,
  • the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to establish, exercise or defend legal claims, or
  • the data subject has objected to the processing pursuant to Art. 21(1) GDPR, as long as it has not yet been determined whether the legitimate reasons of the controller outweigh those of the data subject.

(2) Where processing has been restricted in accordance with paragraph (1), such personal data may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or of a Member State.

e. Right to data portability in accordance with Art. 20 GDPR

(1) The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, provided that:

  • the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
  • the processing is carried out by automated means.

(2) When exercising his or her right to data portability pursuant to paragraph (1), the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible.

The right under paragraph (1) shall not adversely affect the rights and freedoms of any other person.

This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

f. Right to object in accordance with Art. 21 GDPR

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her on the basis of Art. 6(1)(e) or (1)(f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to establish, exercise or defend legal claims.

Notwithstanding Directive 2002/58/EC, in the context of the use of information society services, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.

g. Right of revocation in accordance with Art. 7(3) GDPR

The data subject has the right to revoke his or her declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.

h. Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data concerning him or her infringes this Regulation.

© 2025 Schönherr Putzker Rechtsanwälte